alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Atya Dropper Possible Rootkit - HTTP GET"; flow:established,to_server; content:"GET"; nocase; http_method; content:"b="; http_uri; nocase; content:"&idf="; http_uri; nocase; content:"&v="; http_uri; nocase; content:"&o="; http_uri; nocase; reference:url,www.paretologic.com/resources/definitions.aspx?remove=%41%67%65%6e%74%20%41%74%79%61%20%54%72%6f%6a%61%6e; reference:url,doc.emergingthreats.net/2009450; classtype:trojan-activity; sid:2009450; rev:6; metadata:created_at 2010_07_30, updated_at 2010_07_30;)

Added 2017-08-07 21:02:36 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN Atya Dropper Possible Rootkit - HTTP GET"; flow:established,to_server; content:"GET"; nocase; http_method; content:"b="; http_uri; nocase; content:"&idf="; http_uri; nocase; content:"&v="; http_uri; nocase; content:"&o="; http_uri; nocase; reference:url,www.paretologic.com/resources/definitions.aspx?remove=%41%67%65%6e%74%20%41%74%79%61%20%54%72%6f%6a%61%6e; reference:url,doc.emergingthreats.net/2009450; classtype:trojan-activity; sid:2009450; rev:5;)

Added 2012-03-16 17:35:12 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN Atya Dropper Possible Rootkit - HTTP GET"; flow:established,to_server; content:"GET"; http_method; content:"b="; http_uri; nocase; content:"&idf="; http_uri; nocase; content:"&v="; http_uri; nocase; content:"&o="; http_uri; nocase; reference:url,www.paretologic.com/resources/definitions.aspx?remove=%41%67%65%6e%74%20%41%74%79%61%20%54%72%6f%6a%61%6e; reference:url,doc.emergingthreats.net/2009450; classtype:trojan-activity; sid:2009450; rev:4;)

Added 2011-10-12 19:27:24 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN Atya Dropper Possible Rootkit - HTTP GET"; flow:established,to_server; content:"GET"; http_method; content:"b="; http_uri; nocase; content:"&idf="; http_uri; nocase; content:"&v="; http_uri; nocase; content:"&o="; http_uri; nocase; classtype:trojan-activity; reference:url,www.paretologic.com/resources/definitions.aspx?remove=%41%67%65%6e%74%20%41%74%79%61%20%54%72%6f%6a%61%6e; reference:url,doc.emergingthreats.net/2009450; sid:2009450; rev:4;)

Added 2011-09-14 22:40:46 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN Atya Dropper Possible Rootkit - HTTP GET"; flow:established,to_server; content:"GET"; http_method; content:"b="; http_uri; nocase; content:"&idf="; http_uri; nocase; content:"&v="; http_uri; nocase; content:"&o="; http_uri; nocase; classtype:trojan-activity; reference:url,www.paretologic.com/resources/definitions.aspx?remove=%41%67%65%6e%74%20%41%74%79%61%20%54%72%6f%6a%61%6e; reference:url,doc.emergingthreats.net/2009450; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_Atya; sid:2009450; rev:4;)

Added 2011-02-04 17:28:47 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN Atya Dropper Possible Rootkit - HTTP GET"; flow:established,to_server; content:"GET "; depth:4; uricontent:"b="; nocase; uricontent:"&idf="; nocase; uricontent:"&v="; nocase; uricontent:"&o="; nocase; reference:url,www.paretologic.com/resources/definitions.aspx?remove=%41%67%65%6e%74%20%41%74%79%61%20%54%72%6f%6a%61%6e; classtype:trojan-activity; reference:url,doc.emergingthreats.net/2009450; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_Atya; sid:2009450; rev:2;)

Added 2009-06-28 20:15:35 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN Atya Dropper Possible Rootkit - HTTP GET"; flow:established,to_server; content:"GET "; depth:4; uricontent:"b="; nocase; uricontent:"&idf="; nocase; uricontent:"&v="; nocase; uricontent:"&o="; nocase; reference:url,www.paretologic.com/resources/definitions.aspx?remove=%41%67%65%6e%74%20%41%74%79%61%20%54%72%6f%6a%61%6e; classtype:trojan-activity; reference:url,doc.emergingthreats.net/2009450; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_Atya; sid:2009450; rev:2;)

Added 2009-06-28 20:15:35 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN Atya Dropper Possible Rootkit - HTTP GET"; flow:established,to_server; content:"GET "; depth:4; uricontent:"b="; nocase; uricontent:"&idf="; nocase; uricontent:"&v="; nocase; uricontent:"&o="; nocase; reference:url,www.paretologic.com/resources/definitions.aspx?remove=%41%67%65%6e%74%20%41%74%79%61%20%54%72%6f%6a%61%6e; classtype:trojan-activity; sid:2009450; rev:1;)

Added 2009-06-28 16:15:34 UTC


Topic revision: r1 - 2017-08-08 - TWikiGuest
 
This site is powered by the TWiki collaboration platform Powered by Perl This site is powered by the TWiki collaboration platformCopyright © Emerging Threats