#alert tcp $EXTERNAL_NET 91 -> $HOME_NET any (msg:"ET TROJAN Backdoor.Win32.Assasin.20.C Control Session Server Reply"; flowbits:isset,ET.assassin.start; flow:established,from_server; dsize:12; content:"10000002|5e 2a|"; depth:10; flowbits:set,ET.assassin.reply; reference:url,doc.emergingthreats.net/2008676; classtype:trojan-activity; sid:2008676; rev:5;)

Added 2014-08-26 19:07:49 UTC


#alert tcp $EXTERNAL_NET 91 -> $HOME_NET any (msg:"ET TROJAN Backdoor.Win32.Assasin.20.C Control Session Server Reply"; flowbits:isset,ET.assassin.start; flow:established,from_server; dsize:12; content:"10000002|5e 2a|"; depth:10; flowbits:set,ET.assassin.reply; reference:url,doc.emergingthreats.net/2008676; classtype:trojan-activity; sid:2008676; rev:4;)

Added 2011-10-12 19:25:36 UTC


#alert tcp $EXTERNAL_NET 91 -> $HOME_NET any (msg:"ET TROJAN Backdoor.Win32.Assasin.20.C Control Session Server Reply"; flowbits:isset,ET.assassin.start; flow:established,from_server; dsize:12; content:"10000002|5e 2a|"; depth:10; flowbits:set,ET.assassin.reply; classtype:trojan-activity; reference:url,doc.emergingthreats.net/2008676; sid:2008676; rev:4;)

Added 2011-09-14 22:39:04 UTC


#alert tcp $EXTERNAL_NET 91 -> $HOME_NET any (msg:"ET TROJAN Backdoor.Win32.Assasin.20.C Control Session Server Reply"; flowbits:isset,ET.assassin.start; flow:established,from_server; dsize:12; content:"10000002|5e 2a|"; depth:10; flowbits:set,ET.assassin.reply; classtype:trojan-activity; reference:url,doc.emergingthreats.net/2008676; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_Assassin; sid:2008676; rev:4;)

Added 2011-02-04 17:27:52 UTC


alert tcp $EXTERNAL_NET 91 -> $HOME_NET any (msg:"ET TROJAN Backdoor.Win32.Assasin.20.C Control Session Server Reply"; flowbits:isset,ET.assassin.start; flow:established,from_server; dsize:12; content:"10000002|5e 2a|"; depth:10; flowbits:set,ET.assassin.reply; classtype:trojan-activity; reference:url,doc.emergingthreats.net/2008676; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_Assassin; sid:2008676; rev:4;)

Added 2010-06-09 20:41:07 UTC


alert tcp $EXTERNAL_NET 91 -> $HOME_NET any (msg:"ET TROJAN Backdoor.Win32.Assasin.20.C Control Session Server Reply"; flowbits:isset,ET.assassin.start; flow:established,from_server; dsize:12; content:"10000002|5e 2a|"; depth:10; flowbits:set,ET.assassin.reply; classtype:trojan-activity; reference:url,doc.emergingthreats.net/2008676; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_Assassin; sid:2008676; rev:4;)

Added 2010-06-09 20:41:07 UTC


alert tcp $EXTERNAL_NET 91 -> $HOME_NET 1024: (msg:"ET TROJAN Backdoor.Win32.Assasin.20.C Control Session Server Reply"; flowbits:isset,ET.assassin.start; flow:established,from_server; dsize:12; content:"10000002|5e 2a|"; depth:10; flowbits:set,ET.assassin.reply; classtype:trojan-activity; reference:url,doc.emergingthreats.net/2008676; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_Assassin; sid:2008676; rev:3;)

Added 2009-02-12 18:21:13 UTC


alert tcp $EXTERNAL_NET 91 -> $HOME_NET 1024: (msg:"ET TROJAN Backdoor.Win32.Assasin.20.C Control Session Server Reply"; flowbits:isset,ET.assassin.start; flow:established,from_server; dsize:12; content:"10000002|5e 2a|"; depth:10; flowbits:set,ET.assassin.reply; classtype:trojan-activity; reference:url,doc.emergingthreats.net/2008676; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_Assassin; sid:2008676; rev:3;)

Added 2009-02-12 18:21:13 UTC


alert tcp $EXTERNAL_NET 91 -> $HOME_NET 1024: (msg:"ET TROJAN Backdoor.Win32.Assasin.20.C Control Session Server Reply"; flowbits:isset,ET.assassin.start; flow:established,from_server; dsize:12; content:"10000002|5e 2a|"; depth:10; flowbits:set,ET.assassin.reply; classtype:trojan-activity; sid:2008676; rev:2;)

Added 2008-11-11 09:30:22 UTC


alert tcp $EXTERNAL_NET 91 -> $HOME_NET 1024: (msg:"ET TROJAN Backdoor.Win32.Assasin.20.C Control Session Server Reply"; flowbits:isset,ET.assassin.start; flow:established,from_server; dsize:12; content:"10000002|5e 2a|"; depth:10; flowbits:set,ET.assassin.reply; classtype:trojan-activity; sid:2008676; rev:2;)

Added 2008-11-11 09:30:22 UTC


alert tcp $EXTERNAL_NET 90:100 -> $HOME_NET 1024: (msg:"ET TROJAN Backdoor.Win32.Assasin.20.C Control Session Server Reply"; flowbits:isset,ET.assassin.start; flow:established,from_server; dsize:12; content:"1000000|5e 2a|"; depth:10; flowbits:set,ET.assassin.reply; classtype:trojan-activity; sid:2008676; rev:1;)

Added 2008-10-17 17:15:23 UTC

BackdoorWin32Assasin

-- MattJonkman - 17 Oct 2008


alert tcp $EXTERNAL_NET 90:100 -> $HOME_NET 1024: (msg:"ET TROJAN Backdoor.Win32.Assasin.20.C Control Session Server Reply"; flowbits:isset,ET.assassin.start; flow:established,from_server; dsize:12; content:"1000000|5e 2a|"; depth:10; flowbits:set,ET.assassin.reply; classtype:trojan-activity; sid:2008676; rev:1;)

Added 2008-10-17 17:14:46 UTC


Topic revision: r2 - 2008-10-17 - MattJonkman
 
This site is powered by the TWiki collaboration platform Powered by Perl This site is powered by the TWiki collaboration platformCopyright © Emerging Threats