# sid 2009704, rev 8: alerts on an established client-to-server HTTP GET from
# $HOME_NET whose URI contains htm?mac=, &os=, &ver= and &id=. The four content
# matches are unordered literal checks; the pcre enforces their order and shape.
# pcre flags: U = match against the normalized URI, i = case-insensitive.
# mac accepts digits only (a hex-formatted MAC would not match), os letters only,
# ver exactly 8 digits; mac and os may be empty, and nothing is required after "&id=".
# NOTE(review): the match keys on parameter names and value shapes only, not on a
# host or path, so any client using this query layout would alert. Confirm against local traffic.
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN Win32.Hupigon.dkwt Related Checkin"; flow:established,to_server; content:"GET"; nocase; http_method; content:"htm?mac="; nocase; http_uri; content:"&os="; nocase; http_uri; content:"&ver="; nocase; http_uri; content:"&id="; http_uri; pcre:"/\?mac=[0-9]*?&os=[a-z]*?&ver=[0-9]{8}&id=/Ui"; reference:url,doc.emergingthreats.net/2009704; classtype:trojan-activity; sid:2009704; rev:8;)

Added 2012-09-28 00:08:32 UTC


# sid 2009704, rev 6: msg names Win32.Hupigon.dkwt; content matches use the
# http_method / http_uri buffers. The pcre uses greedy quantifiers and ends with
# "&id=[0-9\.]*". That final class may match zero characters and the pattern is
# not anchored, so it places no constraint on what follows "&id=".
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN Win32.Hupigon.dkwt Related Checkin"; flow:established,to_server; content:"GET"; nocase; http_method; content:"htm?mac="; nocase; http_uri; content:"&os="; nocase; http_uri; content:"&ver="; nocase; http_uri; content:"&id="; http_uri; pcre:"/\?mac=[0-9]*&os=[a-z]*&ver=[0-9]{8}&id=[0-9\.]*/Ui"; reference:url,doc.emergingthreats.net/2009704; classtype:trojan-activity; sid:2009704; rev:6;)

Added 2012-09-21 21:40:13 UTC


# sid 2009704, rev 5: msg is the generic "Generic Downloader Check-in". Matching
# is done with content + http_method / http_uri plus the pcre on the normalized URI.
# Here reference precedes classtype; both are metadata options, so their relative
# order does not change what the rule matches.
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN Generic Downloader Check-in"; flow:established,to_server; content:"GET"; nocase; http_method; content:"htm?mac="; nocase; http_uri; content:"&os="; nocase; http_uri; content:"&ver="; nocase; http_uri; content:"&id="; http_uri; pcre:"/\?mac=[0-9]*&os=[a-z]*&ver=[0-9]{8}&id=[0-9\.]*/Ui"; reference:url,doc.emergingthreats.net/2009704; classtype:trojan-activity; sid:2009704; rev:5;)

Added 2011-10-12 19:28:05 UTC


# sid 2009704, still labelled rev 5: classtype is listed before the single
# doc.emergingthreats.net reference. The rev number alone does not identify this
# snapshot, since other entries on this page also carry rev:5 with different
# metadata; use the "Added" timestamp to tell them apart.
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN Generic Downloader Check-in"; flow:established,to_server; content:"GET"; nocase; http_method; content:"htm?mac="; nocase; http_uri; content:"&os="; nocase; http_uri; content:"&ver="; nocase; http_uri; content:"&id="; http_uri; pcre:"/\?mac=[0-9]*&os=[a-z]*&ver=[0-9]{8}&id=[0-9\.]*/Ui"; classtype:trojan-activity; reference:url,doc.emergingthreats.net/2009704; sid:2009704; rev:5;)

Added 2011-09-14 22:41:23 UTC


# sid 2009704, rev 5: carries two reference:url options (the doc page and a
# cvsweb path). Detection options are content + http_method / http_uri followed
# by the pcre on the normalized URI (flags U and i).
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN Generic Downloader Check-in"; flow:established,to_server; content:"GET"; nocase; http_method; content:"htm?mac="; nocase; http_uri; content:"&os="; nocase; http_uri; content:"&ver="; nocase; http_uri; content:"&id="; http_uri; pcre:"/\?mac=[0-9]*&os=[a-z]*&ver=[0-9]{8}&id=[0-9\.]*/Ui"; classtype:trojan-activity; reference:url,doc.emergingthreats.net/2009704; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_Downloader_General; sid:2009704; rev:5;)

Added 2011-02-04 17:29:05 UTC


# sid 2009704, rev 2: the method check is a raw-payload match, content:"GET "
# with depth:4, so it only looks at the first four bytes of the payload. The
# parameter checks use uricontent. Later revisions on this page express the same
# checks with content + http_method / http_uri.
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN Generic Downloader Check-in"; flow:established,to_server; content:"GET "; nocase; depth:4; uricontent:"htm?mac="; nocase; uricontent:"&os="; nocase; uricontent:"&ver="; nocase; uricontent:"&id="; pcre:"/\?mac=[0-9]*&os=[a-z]*&ver=[0-9]{8}&id=[0-9\.]*/Ui"; classtype:trojan-activity; reference:url,doc.emergingthreats.net/2009704; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_Downloader_General; sid:2009704; rev:2;)

Added 2009-08-03 20:45:35 UTC


# sid 2009704, rev 2: duplicate snapshot. The rule text and the "Added" timestamp
# are identical to the other rev:2 entry on this page.
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN Generic Downloader Check-in"; flow:established,to_server; content:"GET "; nocase; depth:4; uricontent:"htm?mac="; nocase; uricontent:"&os="; nocase; uricontent:"&ver="; nocase; uricontent:"&id="; pcre:"/\?mac=[0-9]*&os=[a-z]*&ver=[0-9]{8}&id=[0-9\.]*/Ui"; classtype:trojan-activity; reference:url,doc.emergingthreats.net/2009704; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_Downloader_General; sid:2009704; rev:2;)

Added 2009-08-03 20:45:35 UTC


# sid 2009704, rev 1: earliest snapshot on this page. It has the same flow,
# content, uricontent and pcre options as the rev:2 entries but no reference
# options, so an alert from this revision carries no pointer to documentation.
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN Generic Downloader Check-in"; flow:established,to_server; content:"GET "; nocase; depth:4; uricontent:"htm?mac="; nocase; uricontent:"&os="; nocase; uricontent:"&ver="; nocase; uricontent:"&id="; pcre:"/\?mac=[0-9]*&os=[a-z]*&ver=[0-9]{8}&id=[0-9\.]*/Ui"; classtype:trojan-activity; sid:2009704; rev:1;)

Added 2009-08-03 10:15:40 UTC


Topic revision: r1 - 2012-09-28 - TWikiGuest
 