#alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"ET TROJAN VirtualProtect? Packed Binary - Likely Hostile"; flow:established,from_server; content:"|2E 72 73 72 63|"; content:"|2E 70 61 63 6B 33 32 00|"; within:49; reference:url,bits.packetninjas.org/eblog/?p=3; reference:url,doc.emergingthreats.net/2008509; classtype:trojan-activity; sid:2008509; rev:4;)

Added 2014-08-26 19:07:49 UTC


alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"ET TROJAN VirtualProtect? Packed Binary - Likely Hostile"; flow:established,from_server; content:"|2E 72 73 72 63|"; content:"|2E 70 61 63 6B 33 32 00|"; within:49; reference:url,bits.packetninjas.org/eblog/?p=3; reference:url,doc.emergingthreats.net/2008509; classtype:trojan-activity; sid:2008509; rev:3;)

Added 2011-10-12 19:25:16 UTC


alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"ET TROJAN VirtualProtect? Packed Binary - Likely Hostile"; flow:established,from_server; content:"|2E 72 73 72 63|"; content:"|2E 70 61 63 6B 33 32 00|"; within:49; classtype:trojan-activity; reference:url,bits.packetninjas.org/eblog/?p=3; reference:url,doc.emergingthreats.net/2008509; sid:2008509; rev:3;)

Added 2011-09-14 22:38:43 UTC


alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"ET TROJAN VirtualProtect? Packed Binary - Likely Hostile"; flow:established,from_server; content:"|2E 72 73 72 63|"; content:"|2E 70 61 63 6B 33 32 00|"; within:49; classtype:trojan-activity; reference:url,bits.packetninjas.org/eblog/?p=3; reference:url,doc.emergingthreats.net/2008509; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_VirtualProtect; sid:2008509; rev:3;)

Added 2011-02-04 17:27:41 UTC


alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"ET TROJAN VirtualProtect? Packed Binary - Likely Hostile"; flow:established,from_server; content:"|2E 72 73 72 63|"; content:"|2E 70 61 63 6B 33 32 00|"; within:49; reference:url,bits.packetninjas.org/eblog/?p=3; classtype:trojan-activity; reference:url,doc.emergingthreats.net/2008509; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_VirtualProtect; sid:2008509; rev:3;)

Added 2009-02-13 19:47:26 UTC


alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"ET TROJAN VirtualProtect? Packed Binary - Likely Hostile"; flow:established,from_server; content:"|2E 72 73 72 63|"; content:"|2E 70 61 63 6B 33 32 00|"; within:49; reference:url,bits.packetninjas.org/eblog/?p=3; classtype:trojan-activity; reference:url,doc.emergingthreats.net/2008509; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_VirtualProtect; sid:2008509; rev:3;)

Added 2009-02-13 19:47:26 UTC


alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"ET TROJAN VirtualProtect? Packed Binary - Likely Hostile"; flow:established,from_server; content:"|2E 72 73 72 63|"; content:"|2E 70 61 63 6B 33 32 00|"; within:49; reference:url,bits.packetninjas.org/eblog/?p=3; classtype:trojan-activity; reference:url,doc.emergingthreats.net/2008509; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_VirtualProtect; sid:2008509; rev:3;)

Added 2009-02-13 19:46:39 UTC


alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"ET TROJAN VirtualProtect? Packed Binary - Likely Hostile"; flow:established,from_server; content:"|2E 72 73 72 63|"; content:"|2E 70 61 63 6B 33 32 00|"; within:49; reference:url,bits.packetninjas.org/eblog/?p=3; classtype:trojan-activity; reference:url,doc.emergingthreats.net/2008509; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_VirtualProtect; sid:2008509; rev:3;)

Added 2009-02-13 19:46:39 UTC


alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"ET TROJAN VirtualProtect? Packed Binary - Likely Hostile"; flow:established,from_server; content:"|2E 72 73 72 63|"; content:"|2E 70 61 63 6B 33 32 00|"; within:49; reference:url,bits.packetninjas.org/eblog/?p=3; classtype:trojan-activity; reference:url,doc.emergingthreats.net/2008509; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_VirtualProtect; sid:2008509; rev:3;)

Added 2009-02-13 19:45:24 UTC


alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"ET TROJAN VirtualProtect? Packed Binary - Likely Hostile"; flow:established,from_server; content:"|2E 72 73 72 63|"; content:"|2E 70 61 63 6B 33 32 00|"; within:49; reference:url,bits.packetninjas.org/eblog/?p=3; classtype:trojan-activity; reference:url,doc.emergingthreats.net/2008509; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_VirtualProtect; sid:2008509; rev:3;)

Added 2009-02-13 19:45:24 UTC


alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"ET TROJAN VirtualProtect? Packed Binary - Likely Hostile"; flow:established,from_server; content:"|2E 72 73 72 63|"; content:"|2E 70 61 63 6B 33 32 00|"; within:49; reference:url,bits.packetninjas.org/eblog/?p=3; classtype:trojan-activity; sid:2008509; rev:2;)

Added 2008-08-19 15:00:22 UTC


alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"ET TROJAN VirtualProtect? Packed Binary - Likely Hostile"; flow:established,from_server; content:"|2E 72 73 72 63|"; content:"|2E 70 61 63 6B 33 32 00|"; within:49; reference:url,bits.packetninjas.org/eblog/?p=3; classtype:trojan-activity; sid:2008509; rev:2;)

Added 2008-08-19 15:00:22 UTC


alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"ET TROJAN VirtualProtect? Packed Binary -- Likely Hostile"; flow:established,from_server; content:"|2E 72 73 72 63|"; content:"|2E 70 61 63 6B 33 32 00|"; within:49; reference:url,bits.packetninjas.org/eblog/?p=3; classtype:trojan-activity; sid:2008509; rev:1;)

Added 2008-08-19 14:30:21 UTC


Topic revision: r1 - 2014-08-26 - TWikiGuest
 
This site is powered by the TWiki collaboration platform Powered by Perl This site is powered by the TWiki collaboration platformCopyright © Emerging Threats