#alert tcp $HOME_NET any -> $EXTERNAL_NET 3128 (msg:"ET DELETED Likely Hupigon Post to Controller"; flow:established,to_server; content:"POST /+"; depth:7; flowbits:noalert; flowbits:set,ET.Hupinit1; reference:url,www.f-secure.com/v-descs/backdoor_w32_hupigon.shtml; reference:url,doc.emergingthreats.net/2008389; classtype:trojan-activity; sid:2008389; rev:2; metadata:created_at 2010_07_30, updated_at 2010_07_30;)

Added 2017-08-07 21:01:34 UTC


##alert tcp $HOME_NET any -> $EXTERNAL_NET 3128 (msg:"ET DELETED Likely Hupigon Post to Controller"; flow:established,to_server; content:"POST /+"; depth:7; flowbits:noalert; flowbits:set,ET.Hupinit1; reference:url,www.f-secure.com/v-descs/backdoor_w32_hupigon.shtml; reference:url,doc.emergingthreats.net/2008389; classtype:trojan-activity; sid:2008389; rev:2;)

Added 2011-10-12 19:25:02 UTC


##alert tcp $HOME_NET any -> $EXTERNAL_NET 3128 (msg:"ET DELETED Likely Hupigon Post to Controller"; flow:established,to_server; content:"POST /+"; depth:7; flowbits:noalert; flowbits:set,ET.Hupinit1; classtype:trojan-activity; reference:url,www.f-secure.com/v-descs/backdoor_w32_hupigon.shtml; reference:url,doc.emergingthreats.net/2008389; sid:2008389; rev:2;)

Added 2011-09-14 22:38:29 UTC


##alert tcp $HOME_NET any -> $EXTERNAL_NET 3128 (msg:"ET DELETED Likely Hupigon Post to Controller"; flow:established,to_server; content:"POST /+"; depth:7; flowbits:noalert; flowbits:set,ET.Hupinit1; classtype:trojan-activity; reference:url,www.f-secure.com/v-descs/backdoor_w32_hupigon.shtml; reference:url,doc.emergingthreats.net/2008389; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_Hupington; sid:2008389; rev:2;)

Added 2011-07-07 22:32:26 UTC


##alert tcp $HOME_NET any -> $EXTERNAL_NET 3128 (msg:"ET DELETED Likely Hupigon Post to Controller"; flow:established,to_server; content:"POST /+"; depth:7; flowbits:noalert; flowbits:set,ET.Hupinit1; classtype:trojan-activity; reference:url,www.f-secure.com/v-descs/backdoor_w32_hupigon.shtml; reference:url,doc.emergingthreats.net/2008389; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_Hupington; sid:2008389; rev:2;)

Added 2011-07-07 21:26:58 UTC


#alert tcp $HOME_NET any -> $EXTERNAL_NET 3128 (msg:"ET TROJAN Likely Hupigon Post to Controller"; flow:established,to_server; content:"POST /+"; depth:7; flowbits:noalert; flowbits:set,ET.Hupinit1; classtype:trojan-activity; reference:url,www.f-secure.com/v-descs/backdoor_w32_hupigon.shtml; reference:url,doc.emergingthreats.net/2008389; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_Hupington; sid:2008389; rev:2;)

Added 2011-07-05 19:08:40 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET 3128 (msg:"ET TROJAN Likely Hupigon Post to Controller"; flow:established,to_server; content:"POST /+"; depth:7; flowbits:noalert; flowbits:set,ET.Hupinit1; classtype:trojan-activity; reference:url,www.f-secure.com/v-descs/backdoor_w32_hupigon.shtml; reference:url,doc.emergingthreats.net/2008389; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_Hupington; sid:2008389; rev:2;)

Added 2011-02-04 17:27:34 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET 3128 (msg:"ET TROJAN Likely Hupigon Post to Controller"; flow:established,to_server; content:"POST /+"; depth:7; flowbits:noalert; flowbits:set,ET.Hupinit1; reference:url,www.f-secure.com/v-descs/backdoor_w32_hupigon.shtml; classtype:trojan-activity; reference:url,doc.emergingthreats.net/2008389; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_Hupington; sid:2008389; rev:2;)

Added 2009-02-12 18:21:17 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET 3128 (msg:"ET TROJAN Likely Hupigon Post to Controller"; flow:established,to_server; content:"POST /+"; depth:7; flowbits:noalert; flowbits:set,ET.Hupinit1; reference:url,www.f-secure.com/v-descs/backdoor_w32_hupigon.shtml; classtype:trojan-activity; reference:url,doc.emergingthreats.net/2008389; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_Hupington; sid:2008389; rev:2;)

Added 2009-02-12 18:21:17 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET 3128 (msg:"ET TROJAN Likely Hupigon Post to Controller"; flow:established,to_server; content:"POST /+"; depth:7; flowbits:noalert; flowbits:set,ET.Hupinit1; reference:url,www.f-secure.com/v-descs/backdoor_w32_hupigon.shtml; classtype:trojan-activity; sid:2008389; rev:1;)

Added 2008-07-09 15:35:40 UTC

To catch stuff like so, this on port 3128:

POST /+17131.html HTTP/1.1
Accept: */*
Accept-Language: en-us
User-Agent: Mozilla
Host: 157.161.97.3

-----
HTTP/1.0 200 OK

YES
~~@@

-- MattJonkman - 09 Jul 2008


Topic revision: r2 - 2008-07-09 - MattJonkman
 
This site is powered by the TWiki collaboration platform Powered by Perl This site is powered by the TWiki collaboration platformCopyright © Emerging Threats