#alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET DELETED Generic Downloader Checkin Url Detected"; flow:established,to_server; content:"??IP|3a|"; depth:100; content:"??IP|3a|"; distance:0; content:"????|3a|"; distance:0; pcre:"/IP\:\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}/U"; reference:url,doc.emergingthreats.net/2008766; classtype:trojan-activity; sid:2008766; rev:5; metadata:created_at 2010_07_30, updated_at 2010_07_30;)

Added 2017-08-07 21:01:55 UTC


##alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET DELETED Generic Downloader Checkin Url Detected"; flow:established,to_server; content:"??IP|3a|"; depth:100; content:"??IP|3a|"; distance:0; content:"????|3a|"; distance:0; pcre:"/IP\:\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}/U"; reference:url,doc.emergingthreats.net/2008766; classtype:trojan-activity; sid:2008766; rev:5;)

Added 2012-11-15 19:06:23 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN Generic Downloader Checkin Url Detected"; flow:established,to_server; content:"??IP|3a|"; depth:100; content:"??IP|3a|"; distance:0; content:"????|3a|"; distance:0; pcre:"/IP\:\d[1,3]\.\d[1,3]\.\d[1,3]\.\d[1,3]/U"; reference:url,doc.emergingthreats.net/2008766; classtype:trojan-activity; sid:2008766; rev:3;)

Added 2011-10-12 19:25:49 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN Generic Downloader Checkin Url Detected"; flow:established,to_server; content:"??IP|3a|"; depth:100; content:"??IP|3a|"; distance:0; content:"????|3a|"; distance:0; pcre:"/IP\:\d[1,3]\.\d[1,3]\.\d[1,3]\.\d[1,3]/U"; classtype:trojan-activity; reference:url,doc.emergingthreats.net/2008766; sid:2008766; rev:3;)

Added 2011-09-14 22:39:16 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN Generic Downloader Checkin Url Detected"; flow:established,to_server; content:"??IP|3a|"; depth:100; content:"??IP|3a|"; distance:0; content:"????|3a|"; distance:0; pcre:"/IP\:\d[1,3]\.\d[1,3]\.\d[1,3]\.\d[1,3]/U"; classtype:trojan-activity; reference:url,doc.emergingthreats.net/2008766; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_Downloader_General; sid:2008766; rev:3;)

Added 2011-02-04 17:27:58 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN Generic Downloader Checkin Url Detected"; flow:established,to_server; content:"??IP\:"; depth:100; content:"??IP\:"; distance:0; content:"????\:"; distance:0; pcre:"/IP\:\d[1,3]\.\d[1,3]\.\d[1,3]\.\d[1,3]/U"; classtype:trojan-activity; reference:url,doc.emergingthreats.net/2008766; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_Downloader_General; sid:2008766; rev:2;)

Added 2009-02-12 18:21:16 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN Generic Downloader Checkin Url Detected"; flow:established,to_server; content:"??IP\:"; depth:100; content:"??IP\:"; distance:0; content:"????\:"; distance:0; pcre:"/IP\:\d[1,3]\.\d[1,3]\.\d[1,3]\.\d[1,3]/U"; classtype:trojan-activity; reference:url,doc.emergingthreats.net/2008766; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_Downloader_General; sid:2008766; rev:2;)

Added 2009-02-12 18:21:16 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN Generic Downloader Checkin Url Detected"; flow:established,to_server; content:"??IP\:"; depth:100; content:"??IP\:"; distance:0; content:"????\:"; distance:0; pcre:"/IP\:\d[1,3]\.\d[1,3]\.\d[1,3]\.\d[1,3]/U"; classtype:trojan-activity; sid:2008766; rev:1;)

Added 2008-11-12 09:15:22 UTC


Topic revision: r1 - 2017-08-08 - TWikiGuest
 
This site is powered by the TWiki collaboration platform Powered by Perl This site is powered by the TWiki collaboration platformCopyright © Emerging Threats