# sid 2008523, rev 8. Check-in beacon that the msg attributes to Fackemo.g / Katusha / FakeAlert.
# Fires on an outbound POST whose URI contains all of "magic=", "&id=", "&cache=", "&tm=" and
# "&ox=", and whose User-Agent does not contain "Mozilla".
# - Header is "alert http ... any -> ... any": matching is not limited to a $HTTP_PORTS list.
# - No content match carries nocase, distance or within, so every string is case-sensitive and
#   the five parameters may appear in any order inside the URI.
# - The negated User-Agent test is the only condition that excludes browser traffic; a request
#   that presents a Mozilla-style User-Agent does not alert.
#   NOTE(review): confirm on the deployed engine version how a request with no User-Agent header
#   at all is evaluated against a negated http_user_agent match.
# - The reference:md5 values point at analysed samples; the rule itself inspects traffic only.
# - metadata created_at/updated_at both read 2010_07_30, although this page dates rev 1 to 2008
#   and this text to 2017; do not rely on the metadata dates when judging the rule's age.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Proxy.Win32.Fackemo.g/Katusha/FakeAlert Checkin"; flow:to_server,established; content:"POST"; http_method; content:"magic="; http_uri; content:"&id="; http_uri; content:"&cache="; http_uri; content:"&tm="; http_uri; content:"&ox="; http_uri; content:!"Mozilla"; http_user_agent; reference:md5,29457bd7a95e11bfd0e614a6e237a344; reference:md5,173a060ed791e620c2ec84d7b360ed60; reference:url,www.bugbopper.com/NameLookup.asp?Name=Packed_Win32_TDSS_o; classtype:trojan-activity; sid:2008523; rev:8; metadata:created_at 2010_07_30, updated_at 2010_07_30;)

Added 2017-08-07 21:01:41 UTC


# sid 2008523, rev 6. First revision on this page that names the family in the msg and narrows
# the match: POST method, five URI parameters ("magic=", "&id=", "&cache=", "&tm=", "&ox=") and
# no "Mozilla" string in the headers.
# - Header is "alert tcp ... -> $EXTERNAL_NET $HTTP_PORTS": a check-in sent to a port outside the
#   configured $HTTP_PORTS list is not inspected by this revision.
# - The negation is applied with http_header, i.e. to the whole header block rather than the
#   User-Agent value alone, so "Mozilla" appearing in any request header suppresses the alert.
# - nocase, present on "magic=" in the earlier revisions listed on this page, is absent here;
#   all content strings are case-sensitive.
# - The reference:md5 values point at analysed samples; the rule itself inspects traffic only.
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN Proxy.Win32.Fackemo.g/Katusha/FakeAlert Checkin"; flow:to_server,established; content:"POST"; http_method; content:"magic="; http_uri; content:"&id="; http_uri; content:"&cache="; http_uri; content:"&tm="; http_uri; content:"&ox="; http_uri; content:!"Mozilla"; http_header; reference:md5,29457bd7a95e11bfd0e614a6e237a344; reference:md5,173a060ed791e620c2ec84d7b360ed60; reference:url,www.bugbopper.com/NameLookup.asp?Name=Packed_Win32_TDSS_o; classtype:trojan-activity; sid:2008523; rev:6;)

Added 2013-06-11 21:40:32 UTC


# sid 2008523, labelled rev 5 (text added 2011-10-12). Generic check-in match: any outbound
# request to $HTTP_PORTS whose URI contains "magic=", "&id=", "&cache=" and "&tm=".
# - There is no http_method or User-Agent condition, so GET and POST requests from any client,
#   browsers included, can alert; expect this revision to be broader than the later ones.
# - nocase follows only the first content, so "magic=" is case-insensitive while the other three
#   strings are case-sensitive. No distance/within: the parameters may appear in any order.
# - This page lists several different rule texts that all carry rev:5, so sid plus rev does not
#   identify one exact text here; compare the full rule body when auditing a deployed ruleset.
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN Generic Trojan Checkin likely Variant.TDss.33"; flow:to_server,established; content:"magic="; nocase; http_uri; content:"&id="; http_uri; content:"&cache="; http_uri; content:"&tm="; http_uri; reference:url,doc.emergingthreats.net/2008523; reference:url,www.threatexpert.com/report.aspx?md5=0e800d2cf26790d25ec6b50b88b0c6dd; reference:url,www.bugbopper.com/NameLookup.asp?Name=Packed_Win32_TDSS_o; classtype:trojan-activity; sid:2008523; rev:5;)

Added 2011-10-12 19:25:18 UTC


# sid 2008523, labelled rev 5 (text added 2011-09-14). Matches any outbound request to
# $HTTP_PORTS whose URI contains "magic=" (case-insensitive), "&id=", "&cache=" and "&tm=".
# - The match conditions are the same as in the 2011-10-12 text on this page; the two differ only
#   in where classtype sits relative to the reference options.
# - No method or User-Agent condition is present, so ordinary browser requests carrying these
#   four parameters also alert.
# - The reference list here drops the cvsweb URL carried by the 2011-08-25 text while rev stays
#   at 5; metadata-only edits on this page did not bump the revision number.
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN Generic Trojan Checkin likely Variant.TDss.33"; flow:to_server,established; content:"magic="; nocase; http_uri; content:"&id="; http_uri; content:"&cache="; http_uri; content:"&tm="; http_uri; classtype:trojan-activity; reference:url,doc.emergingthreats.net/2008523; reference:url,www.threatexpert.com/report.aspx?md5=0e800d2cf26790d25ec6b50b88b0c6dd; reference:url,www.bugbopper.com/NameLookup.asp?Name=Packed_Win32_TDSS_o; sid:2008523; rev:5;)

Added 2011-09-14 22:38:45 UTC


# sid 2008523, labelled rev 5 (text added 2011-08-25). First text on this page whose msg ties the
# generic check-in to "Variant.TDss.33" and which adds the threatexpert and bugbopper references.
# - Match conditions: outbound request to $HTTP_PORTS with "magic=" (case-insensitive), "&id=",
#   "&cache=" and "&tm=" all present in the URI, in any order.
# - No method or User-Agent condition, so the rule cannot tell a browser from the malware client.
# - The threatexpert reference embeds a sample MD5 in its URL; it is documentation only and is
#   not matched against traffic.
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN Generic Trojan Checkin likely Variant.TDss.33"; flow:to_server,established; content:"magic="; nocase; http_uri; content:"&id="; http_uri; content:"&cache="; http_uri; content:"&tm="; http_uri; classtype:trojan-activity; reference:url,doc.emergingthreats.net/2008523; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_General; reference:url,www.threatexpert.com/report.aspx?md5=0e800d2cf26790d25ec6b50b88b0c6dd; reference:url,www.bugbopper.com/NameLookup.asp?Name=Packed_Win32_TDSS_o; sid:2008523; rev:5;)

Added 2011-08-25 18:48:26 UTC


# sid 2008523, labelled rev 5 (text added 2011-02-04). First text on this page written with
# content + http_uri modifiers in place of the uricontent keyword used by revs 1-3.
# - Match conditions: outbound request to $HTTP_PORTS with "magic=" (case-insensitive), "&id=",
#   "&cache=" and "&tm=" all present in the URI, in any order.
# - The msg is still the generic "Generic Trojan Checkin"; no family name, method or User-Agent
#   condition narrows the match.
# - The page goes from rev 3 straight to rev 5; no rev 4 text is recorded here.
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN Generic Trojan Checkin"; flow:to_server,established; content:"magic="; nocase; http_uri; content:"&id="; http_uri; content:"&cache="; http_uri; content:"&tm="; http_uri; classtype:trojan-activity; reference:url,doc.emergingthreats.net/2008523; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_General; sid:2008523; rev:5;)

Added 2011-02-04 17:27:42 UTC


# sid 2008523, rev 3. Same detection logic as rev 2 with two reference:url options added.
# - uricontent is the legacy URI-matching keyword; all four strings ("magic=", "&id=", "&cache=",
#   "&tm=") must be present in the request URI, in any order.
# - nocase follows only the first uricontent, so "magic=" is case-insensitive and the remaining
#   three strings are case-sensitive.
# - Only traffic to $HTTP_PORTS is inspected, and there is no method or User-Agent condition.
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN Generic Trojan Checkin"; flow:to_server,established; uricontent:"magic="; nocase; uricontent:"&id="; uricontent:"&cache="; uricontent:"&tm="; classtype:trojan-activity; reference:url,doc.emergingthreats.net/2008523; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_General; sid:2008523; rev:3;)

Added 2009-02-12 18:21:16 UTC


# sid 2008523, rev 3. Repeated entry: the rule text and the "Added" timestamp below are the same
# as the other rev 3 entry on this page.
# Alerts on an outbound request to $HTTP_PORTS whose URI contains "magic=" (case-insensitive,
# via the nocase that follows it), "&id=", "&cache=" and "&tm=", using the legacy uricontent keyword.
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN Generic Trojan Checkin"; flow:to_server,established; uricontent:"magic="; nocase; uricontent:"&id="; uricontent:"&cache="; uricontent:"&tm="; classtype:trojan-activity; reference:url,doc.emergingthreats.net/2008523; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_General; sid:2008523; rev:3;)

Added 2009-02-12 18:21:16 UTC


# sid 2008523, rev 2. Differs from rev 1 only in the msg prefix ("ET TROJAN" in place of
# "ET MALWARE"); the match conditions are unchanged.
# - Alerts on an outbound request to $HTTP_PORTS whose URI contains "magic=" (case-insensitive),
#   "&id=", "&cache=" and "&tm=", in any order.
# - No reference options yet, and no method or User-Agent condition; any client whose URI
#   carries these four parameters triggers the alert.
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN Generic Trojan Checkin"; flow:to_server,established; uricontent:"magic="; nocase; uricontent:"&id="; uricontent:"&cache="; uricontent:"&tm="; classtype:trojan-activity; sid:2008523; rev:2;)

Added 2009-02-11 21:00:22 UTC


# sid 2008523, rev 2. Repeated entry: the rule text and the "Added" timestamp below are the same
# as the other rev 2 entry on this page.
# Alerts on an outbound request to $HTTP_PORTS whose URI contains "magic=" (case-insensitive),
# "&id=", "&cache=" and "&tm="; there is no method, header or User-Agent condition.
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN Generic Trojan Checkin"; flow:to_server,established; uricontent:"magic="; nocase; uricontent:"&id="; uricontent:"&cache="; uricontent:"&tm="; classtype:trojan-activity; sid:2008523; rev:2;)

Added 2009-02-11 21:00:22 UTC


# sid 2008523, rev 1 (earliest text on this page, added 2008-08-28), published under the
# "ET MALWARE" msg prefix.
# - Alerts on an established client-to-server flow from $HOME_NET to $EXTERNAL_NET on
#   $HTTP_PORTS whose URI contains all four strings "magic=", "&id=", "&cache=" and "&tm=".
# - nocase follows only "magic="; the other three strings are matched case-sensitively.
# - With four common-looking parameter names and no further condition, this is the broadest form
#   of the signature; later revisions on this page add "&ox=", a POST check and a User-Agent test.
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET MALWARE Generic Trojan Checkin"; flow:to_server,established; uricontent:"magic="; nocase; uricontent:"&id="; uricontent:"&cache="; uricontent:"&tm="; classtype:trojan-activity; sid:2008523; rev:1;)

Added 2008-08-28 13:45:21 UTC


Topic revision: r1 - 2017-08-08 - TWikiGuest
 