alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Downloader Win32.Small.agoy Checkin"; flow:to_server,established; content:"/?jutr="; fast_pattern; nocase; http_uri; content:"&oo="; nocase; http_uri; content:"&ra="; nocase; http_uri; content:"Host|3A|"; http_header; nocase; pcre:"/^Host\x3A\s+[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}/Hmi"; reference:url,www.threatexpert.com/report.aspx?md5=e491d25d82f4928138a0d8b3a6365c39; reference:url,www.threatexpert.com/reports.aspx?find=%2Fjutr%2F; reference:url,doc.emergingthreats.net/2008859; classtype:trojan-activity; sid:2008859; rev:5; metadata:created_at 2010_07_30, updated_at 2010_07_30;)

Added 2017-08-07 21:02:00 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN Downloader Win32.Small.agoy Checkin"; flow:to_server,established; content:"/?jutr="; fast_pattern; nocase; http_uri; content:"&oo="; nocase; http_uri; content:"&ra="; nocase; http_uri; content:"Host|3A|"; http_header; nocase; pcre:"/^Host\x3A\s+[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}/Hmi"; reference:url,www.threatexpert.com/report.aspx?md5=e491d25d82f4928138a0d8b3a6365c39; reference:url,www.threatexpert.com/reports.aspx?find=%2Fjutr%2F; reference:url,doc.emergingthreats.net/2008859; classtype:trojan-activity; sid:2008859; rev:6;)

Added 2012-01-16 19:46:56 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN Downloader Win32.Small.agoy Checkin"; flow:to_server,established; content:"/?jutr="; nocase; http_uri; content:"&oo="; nocase; http_uri; content:"&ra="; nocase; http_uri; content:"Host|3A|"; http_header; nocase; pcre:"/^Host\x3A\s+[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}/Hmi"; reference:url,www.threatexpert.com/report.aspx?md5=e491d25d82f4928138a0d8b3a6365c39; reference:url,www.threatexpert.com/reports.aspx?find=%2Fjutr%2F; reference:url,doc.emergingthreats.net/2008859; classtype:trojan-activity; sid:2008859; rev:5;)

Added 2011-10-12 19:26:01 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN Downloader Win32.Small.agoy Checkin"; flow:to_server,established; content:"/?jutr="; nocase; http_uri; content:"&oo="; nocase; http_uri; content:"&ra="; nocase; http_uri; content:"Host|3A|"; http_header; nocase; pcre:"/^Host\x3A\s+[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}/Hmi"; classtype:trojan-activity; reference:url,www.threatexpert.com/report.aspx?md5=e491d25d82f4928138a0d8b3a6365c39; reference:url,www.threatexpert.com/reports.aspx?find=%2Fjutr%2F; reference:url,doc.emergingthreats.net/2008859; sid:2008859; rev:5;)

Added 2011-09-14 22:39:28 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN Downloader Win32.Small.agoy Checkin"; flow:to_server,established; content:"/?jutr="; nocase; http_uri; content:"&oo="; nocase; http_uri; content:"&ra="; nocase; http_uri; content:"Host|3A|"; http_header; nocase; pcre:"/^Host\x3A\s+[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}/Hmi"; classtype:trojan-activity; reference:url,www.threatexpert.com/report.aspx?md5=e491d25d82f4928138a0d8b3a6365c39; reference:url,www.threatexpert.com/reports.aspx?find=%2Fjutr%2F; reference:url,doc.emergingthreats.net/2008859; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_Downloader_General; sid:2008859; rev:5;)

Added 2011-02-04 17:28:04 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN Downloader Win32.Small.agoy Checkin"; flow:to_server,established; uricontent:"/?jutr="; nocase; uricontent:"&oo="; nocase; uricontent:"&ra="; nocase; content:"Host|3A|"; nocase; pcre:"/^Host\x3A\s+[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}/mi";classtype:trojan-activity; reference:url,www.threatexpert.com/report.aspx?md5=e491d25d82f4928138a0d8b3a6365c39; reference:url,www.threatexpert.com/reports.aspx?find=%2Fjutr%2F; reference:url,doc.emergingthreats.net/2008859; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_Downloader_General; sid:2008859; rev:3;)

Added 2009-02-12 18:21:16 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN Downloader Win32.Small.agoy Checkin"; flow:to_server,established; uricontent:"/?jutr="; nocase; uricontent:"&oo="; nocase; uricontent:"&ra="; nocase; content:"Host|3A|"; nocase; pcre:"/^Host\x3A\s+[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}/mi";classtype:trojan-activity; reference:url,www.threatexpert.com/report.aspx?md5=e491d25d82f4928138a0d8b3a6365c39; reference:url,www.threatexpert.com/reports.aspx?find=%2Fjutr%2F; reference:url,doc.emergingthreats.net/2008859; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_Downloader_General; sid:2008859; rev:3;)

Added 2009-02-12 18:21:16 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN Downloader Win32.Small.agoy Checkin"; flow:to_server,established; uricontent:"/?jutr="; nocase; uricontent:"&oo="; nocase; uricontent:"&ra="; nocase; content:"Host|3A|"; nocase; pcre:"/^Host\x3A\s+[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}/mi";classtype:trojan-activity; reference:url,www.threatexpert.com/report.aspx?md5=e491d25d82f4928138a0d8b3a6365c39; reference:url,www.threatexpert.com/reports.aspx?find=%2Fjutr%2F; sid:2008859; rev:2;)

Added 2008-12-08 11:30:22 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN Downloader Win32.Small.agoy Checkin"; flow:to_server,established; uricontent:"/?jutr="; nocase; uricontent:"&oo="; nocase; uricontent:"&ra="; nocase; content:"Host|3A|"; nocase; pcre:"/^Host\x3A\s+[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}/mi";classtype:trojan-activity; reference:url,www.threatexpert.com/report.aspx?md5=e491d25d82f4928138a0d8b3a6365c39; reference:url,www.threatexpert.com/reports.aspx?find=%2Fjutr%2F; sid:2008859; rev:2;)

Added 2008-12-08 11:30:22 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN Downloader Win32.Small.agoy Checkin"; flow:to_server,established; uricontent:"/?jutr="; nocase; uricontent:"&oo="; nocase; uricontent:"&ra="; nocase; content:"Host|3A|"; nocase; pcre:"/^Host\x3A\s+[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}/mi";classtype:trojan-activity; reference:url,www.threatexpert.com/report.aspx?md5=e491d25d82f4928138a0d8b3a6365c39; reference:url,www.threatexpert.com/reports.aspx?find=%2Futest%2F; sid:2008859; rev:1;)

Added 2008-12-08 11:00:22 UTC


Topic revision: r1 - 2017-08-08 - TWikiGuest
 
This site is powered by the TWiki collaboration platform Powered by Perl This site is powered by the TWiki collaboration platformCopyright © Emerging Threats