alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN General Win32 Backdoor Checkin POST"; flow:established,to_server; content:"Admin="; depth:6; http_client_body; content:"&UserName="; http_client_body; content:"&IsProxy="; http_client_body; flowbits:isset,ET.bd1; reference:url,doc.emergingthreats.net/2009241; classtype:trojan-activity; sid:2009241; rev:6; metadata:created_at 2010_07_30, updated_at 2010_07_30;)

Added 2017-08-07 21:02:23 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN General Win32 Backdoor Checkin POST"; flow:established,to_server; content:"Admin="; depth:6; http_client_body; content:"&UserName="; http_client_body; within:25; content:"&IsProxy="; http_client_body; within:50; flowbits:isset,ET.bd1; reference:url,doc.emergingthreats.net/2009241; classtype:trojan-activity; sid:2009241; rev:5;)

Added 2013-06-27 20:56:21 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN General Win32 Backdoor Checkin POST"; flow:established,to_server; content:"Admin="; depth:6; http_client_body; content:"&UserName="; within:25; content:"&IsProxy="; within:50; flowbits:isset,ET.bd1; reference:url,doc.emergingthreats.net/2009241; classtype:trojan-activity; sid:2009241; rev:4;)

Added 2011-10-12 19:26:56 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN General Win32 Backdoor Checkin POST"; flow:established,to_server; content:"Admin="; depth:6; http_client_body; content:"&UserName="; within:25; content:"&IsProxy="; within:50; flowbits:isset,ET.bd1; classtype:trojan-activity; reference:url,doc.emergingthreats.net/2009241; sid:2009241; rev:4;)

Added 2011-09-14 22:40:18 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN General Win32 Backdoor Checkin POST"; flow:established,to_server; content:"Admin="; depth:6; http_client_body; content:"&UserName="; within:25; content:"&IsProxy="; within:50; flowbits:isset,ET.bd1; classtype:trojan-activity; reference:url,doc.emergingthreats.net/2009241; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_Backdoor.General; sid:2009241; rev:4;)

Added 2011-02-04 17:28:31 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN General Win32 Backdoor Checkin POST"; flow:established,to_server; content:"|0d 0a 0d 0a|Admin="; depth:10; content:"&UserName="; distance:0; within:25; content:"&IsProxy="; distance:0; within:50; flowbits:isset,ET.bd1; classtype:trojan-activity; reference:url,doc.emergingthreats.net/2009241; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_Backdoor.General; sid:2009241; rev:2;)

Added 2009-04-20 17:00:32 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN General Win32 Backdoor Checkin POST"; flow:established,to_server; content:"|0d 0a 0d 0a|Admin="; depth:10; content:"&UserName="; distance:0; within:25; content:"&IsProxy="; distance:0; within:50; flowbits:isset,ET.bd1; classtype:trojan-activity; reference:url,doc.emergingthreats.net/2009241; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_Backdoor.General; sid:2009241; rev:2;)

Added 2009-04-20 17:00:32 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN General Win32 Backdoor Checkin POST"; flow:established,to_server; content:"|0d 0a 0d 0a|Admin="; depth:10; content:"&UserName="; distance:0; within:25; content:"&IsProxy="; distance:0; within:50; flowbits:isset,ET.bd1; classtype:trojan-activity; sid:2009241; rev:1;)

Added 2009-04-17 03:00:34 UTC


Topic revision: r1 - 2017-08-08 - TWikiGuest
 
This site is powered by the TWiki collaboration platform Powered by Perl This site is powered by the TWiki collaboration platformCopyright © Emerging Threats