#alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Bredolab Downloader Communicating With Controller (2)"; flow:established,to_server; content:"action="; nocase; http_uri; content:"&guid="; nocase; http_uri; content:"&rnd="; nocase; http_uri; content:"&uid="; nocase; http_uri; content:"&entity="; http_uri; nocase; reference:url,www.microsoft.com/security/portal/Entry.aspx?Name=TrojanDownloader%3aWin32/Bredolab.B; reference:url,doc.emergingthreats.net/2009354; classtype:trojan-activity; sid:2009354; rev:9; metadata:created_at 2010_07_30, updated_at 2010_07_30;)

Added 2017-08-07 21:02:29 UTC


#alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Bredolab Downloader Communicating With Controller (2)"; flow:established,to_server; content:"action="; nocase; http_uri; content:"&guid="; nocase; http_uri; content:"&rnd="; nocase; http_uri; content:"&uid="; nocase; http_uri; content:"&entity="; http_uri; nocase; reference:url,www.microsoft.com/security/portal/Entry.aspx?Name=TrojanDownloader%3aWin32/Bredolab.B; reference:url,doc.emergingthreats.net/2009354; classtype:trojan-activity; sid:2009354; rev:9;)

Added 2017-04-21 17:28:18 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN Bredolab Downloader Communicating With Controller (2)"; flow:established,to_server; content:"action="; nocase; http_uri; content:"&guid="; nocase; http_uri; content:"&rnd="; nocase; http_uri; content:"&uid="; nocase; http_uri; content:"&entity="; http_uri; nocase; reference:url,www.microsoft.com/security/portal/Entry.aspx?Name=TrojanDownloader%3aWin32/Bredolab.B; reference:url,doc.emergingthreats.net/2009354; classtype:trojan-activity; sid:2009354; rev:7;)

Added 2011-10-12 19:27:11 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN Bredolab Downloader Communicating With Controller (2)"; flow:established,to_server; content:"action="; nocase; http_uri; content:"&guid="; nocase; http_uri; content:"&rnd="; nocase; http_uri; content:"&uid="; nocase; http_uri; content:"&entity="; http_uri; nocase; classtype:trojan-activity; reference:url,www.microsoft.com/security/portal/Entry.aspx?Name=TrojanDownloader%3aWin32/Bredolab.B; reference:url,doc.emergingthreats.net/2009354; sid:2009354; rev:7;)

Added 2011-09-14 22:40:32 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN Bredolab Downloader Communicating With Controller (2)"; flow:established,to_server; content:"action="; nocase; http_uri; content:"&guid="; nocase; http_uri; content:"&rnd="; nocase; http_uri; content:"&uid="; nocase; http_uri; content:"&entity="; http_uri; nocase; classtype:trojan-activity; reference:url,www.microsoft.com/security/portal/Entry.aspx?Name=TrojanDownloader%3aWin32/Bredolab.B; reference:url,doc.emergingthreats.net/2009354; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_Bredolab; sid:2009354; rev:7;)

Added 2011-02-04 17:28:40 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN Bredolab Downloader Communicating With Controller (2)"; flow:established,to_server; uricontent:"action="; nocase; uricontent:"&guid="; nocase; uricontent:"&rnd="; nocase; uricontent:"&uid="; nocase; uricontent:"&entity="; nocase; classtype:trojan-activity; reference:url,www.microsoft.com/security/portal/Entry.aspx?Name=TrojanDownloader%3aWin32/Bredolab.B; reference:url,doc.emergingthreats.net/2009354; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_Bredolab; sid:2009354; rev:6;)

Added 2010-07-17 13:46:03 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN Bredolab Downloader Communicating With Controller (2)"; flow:established,to_server; uricontent:"action="; nocase; uricontent:"&guid="; nocase; uricontent:"&rnd="; nocase; uricontent:"&uid="; nocase; uricontent:"&entity="; nocase; classtype:trojan-activity; reference:url,www.microsoft.com/security/portal/Entry.aspx?Name=TrojanDownloader%3aWin32/Bredolab.B; reference:url,doc.emergingthreats.net/2009354; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_Bredolab; sid:2009354; rev:6;)

Added 2010-07-17 13:46:03 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN Bredolab Downloader Communicating With Controller (2)"; flow:established,to_server; uricontent:"action="; nocase; uricontent:"&guid="; nocase; uricontent:"&rnd="; nocase; uricontent:"&uid="; nocase; uricontent:"&entity="; nocase; classtype:trojan-activity; reference:url,www.microsoft.com/security/portal/Entry.aspx?Name=TrojanDownloader%3aWin32/Bredolab.B; reference:url,doc.emergingthreats.net/2009354; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_Bredolab; sid:2009354; rev:6;)

Added 2010-07-17 13:44:12 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN Bredolab Downloader Communicating With Controller (2)"; flow:established,to_server; uricontent:"action="; nocase; uricontent:"&guid="; nocase; uricontent:"&rnd="; nocase; uricontent:"&uid="; nocase; uricontent:"&entity="; nocase; classtype:trojan-activity; reference:url,www.microsoft.com/security/portal/Entry.aspx?Name=TrojanDownloader%3aWin32/Bredolab.B; reference:url,doc.emergingthreats.net/2009354; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_Bredolab; sid:2009354; rev:6;)

Added 2010-07-17 13:44:12 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN Bredolab Downloader Communicating With Controller (2)"; flow:established,to_server; uricontent:"action="; nocase; uricontent:"&guid="; nocase; uricontent:"&rnd="; nocase; uricontent:"&uid="; nocase; uricontent:"&entity="; nocase; classtype:trojan-activity; reference:url,www.microsoft.com/security/portal/Entry.aspx?Name=TrojanDownloader\:Win32/Bredolab.B; reference:url,doc.emergingthreats.net/2009354; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_Bredolab; sid:2009354; rev:5;)

Added 2009-10-27 14:00:39 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN Bredolab Downloader Communicating With Controller (2)"; flow:established,to_server; uricontent:"action="; nocase; uricontent:"&guid="; nocase; uricontent:"&rnd="; nocase; uricontent:"&uid="; nocase; uricontent:"&entity="; nocase; classtype:trojan-activity; reference:url,www.microsoft.com/security/portal/Entry.aspx?Name=TrojanDownloader\:Win32/Bredolab.B; reference:url,doc.emergingthreats.net/2009354; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_Bredolab; sid:2009354; rev:5;)

Added 2009-10-27 14:00:39 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN Bredolab/Gumblar Downloader Communicating With Controller (2)"; flow:established,to_server; uricontent:"action="; nocase; uricontent:"&guid="; nocase; uricontent:"&rnd="; nocase; uricontent:"&uid="; nocase; uricontent:"&entity="; nocase; classtype:trojan-activity; reference:url,www.microsoft.com/security/portal/Entry.aspx?Name=TrojanDownloader\:Win32/Bredolab.B; reference:url,doc.emergingthreats.net/2009354; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_Bredolab; sid:2009354; rev:4;)

Added 2009-05-31 15:00:35 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN Bredolab/Gumblar Downloader Communicating With Controller (2)"; flow:established,to_server; uricontent:"action="; nocase; uricontent:"&guid="; nocase; uricontent:"&rnd="; nocase; uricontent:"&uid="; nocase; uricontent:"&entity="; nocase; classtype:trojan-activity; reference:url,www.microsoft.com/security/portal/Entry.aspx?Name=TrojanDownloader\:Win32/Bredolab.B; reference:url,doc.emergingthreats.net/2009354; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_Bredolab; sid:2009354; rev:4;)

Added 2009-05-31 15:00:35 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN Bredolab/Gumblar Downloader Communicating With Controller (2)"; flow:established,to_server; uricontent:"action="; nocase; uricontent:"&guid="; nocase; uricontent:"&rnd="; nocase; uricontent:"&uid="; nocase; uricontent:"&entity="; nocase; classtype:trojan-activity; reference:url,www.microsoft.com/security/portal/Entry.aspx?Name=TrojanDownloader:Win32/Bredolab.B; reference:url,doc.emergingthreats.net/2009354; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_Bredolab; sid:2009354; rev:3;)

Added 2009-05-28 14:15:36 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN Bredolab/Gumblar Downloader Communicating With Controller (2)"; flow:established,to_server; uricontent:"action="; nocase; uricontent:"&guid="; nocase; uricontent:"&rnd="; nocase; uricontent:"&uid="; nocase; uricontent:"&entity="; nocase; classtype:trojan-activity; reference:url,www.microsoft.com/security/portal/Entry.aspx?Name=TrojanDownloader:Win32/Bredolab.B; reference:url,doc.emergingthreats.net/2009354; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_Bredolab; sid:2009354; rev:3;)

Added 2009-05-28 14:15:36 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN Bredolab/Gumblar Downloader Communicating With Controller (2)"; flow:established,to_server; uricontent:"action="; nocase; uricontent:"&guid="; nocase; uricontent:"&rnd="; nocase; uricontent:"&uid="; nocase; uricontent:"&entity="; nocase; classtype:trojan-activity; reference:url,www.microsoft.com/security/portal/Entry.aspx?Name=TrojanDownloader:Win32/Bredolab.B; sid:2009354; rev:2;)

Added 2009-05-27 12:00:36 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN Bredolab/Gumblar Downloader Communicating With Controller (2)"; flow:established,to_server; uricontent:"action="; nocase; uricontent:"&guid="; nocase; uricontent:"&rnd="; nocase; uricontent:"&uid="; nocase; uricontent:"&entity="; nocase; classtype:trojan-activity; reference:url,www.microsoft.com/security/portal/Entry.aspx?Name=TrojanDownloader:Win32/Bredolab.B; sid:2009354; rev:2;)

Added 2009-05-27 12:00:36 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN Bredolab Downloader Communicating With Controller (2)"; flow:established,to_server; uricontent:"action="; nocase; uricontent:"&guid="; nocase; uricontent:"&rnd="; nocase; uricontent:"&uid="; nocase; uricontent:"&entity="; nocase; classtype:trojan-activity; reference:url,www.microsoft.com/security/portal/Entry.aspx?Name=TrojanDownloader:Win32/Bredolab.B; sid:2009354; rev:1;)

Added 2009-05-20 12:30:35 UTC


Topic revision: r1 - 2017-08-08 - TWikiGuest
 
This site is powered by the TWiki collaboration platform Powered by Perl This site is powered by the TWiki collaboration platformCopyright © Emerging Threats