alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN PoisonIvy? RAT/Backdoor follow on POST Data PUSH Packet"; flow:established,to_server; flags:AP,12; content:"op="; nocase; content:"&servidor="; nocase; content:"&senha="; nocase; content:"&usuario="; nocase; content:"&base="; nocase; content:"&sgdb="; nocase; reference:url,www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Backdoor%3AWin32%2FPoisonivy.I&ThreatID=-2147363597; reference:url,www.viruslist.com/en/viruses/encyclopedia?virusid=133781; reference:url,doc.emergingthreats.net/2009806; classtype:trojan-activity; sid:2009806; rev:6;)

Added 2015-04-03 18:58:46 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN Poison Ivy RAT/Backdoor follow on POST Data PUSH Packet"; flow:established,to_server; flags:AP,12; content:"op="; depth:3; nocase; content:"&servidor="; nocase; content:"&senha="; nocase; content:"&usuario="; nocase; content:"&base="; nocase; content:"&sgdb="; nocase; reference:url,www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Backdoor%3AWin32%2FPoisonivy.I&ThreatID=-2147363597; reference:url,www.viruslist.com/en/viruses/encyclopedia?virusid=133781; reference:url,doc.emergingthreats.net/2009806; classtype:trojan-activity; sid:2009806; rev:3;)

Added 2012-06-08 18:24:30 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN Poisionivy RAT/Backdoor follow on POST Data PUSH Packet"; flow:established,to_server; flags:AP,12; content:"op="; depth:3; nocase; content:"&servidor="; nocase; content:"&senha="; nocase; content:"&usuario="; nocase; content:"&base="; nocase; content:"&sgdb="; nocase; reference:url,www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Backdoor%3AWin32%2FPoisonivy.I&ThreatID=-2147363597; reference:url,www.viruslist.com/en/viruses/encyclopedia?virusid=133781; reference:url,doc.emergingthreats.net/2009806; classtype:trojan-activity; sid:2009806; rev:2;)

Added 2011-10-12 19:28:18 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN Poisionivy RAT/Backdoor follow on POST Data PUSH Packet"; flow:established,to_server; flags:AP,12; content:"op="; depth:3; nocase; content:"&servidor="; nocase; content:"&senha="; nocase; content:"&usuario="; nocase; content:"&base="; nocase; content:"&sgdb="; nocase; classtype:trojan-activity; reference:url,www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Backdoor%3AWin32%2FPoisonivy.I&ThreatID=-2147363597; reference:url,www.viruslist.com/en/viruses/encyclopedia?virusid=133781; reference:url,doc.emergingthreats.net/2009806; sid:2009806; rev:2;)

Added 2011-09-14 22:41:36 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN Poisionivy RAT/Backdoor follow on POST Data PUSH Packet"; flow:established,to_server; flags:AP,12; content:"op="; depth:3; nocase; content:"&servidor="; nocase; content:"&senha="; nocase; content:"&usuario="; nocase; content:"&base="; nocase; content:"&sgdb="; nocase; classtype:trojan-activity; reference:url,www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Backdoor%3AWin32%2FPoisonivy.I&ThreatID=-2147363597; reference:url,www.viruslist.com/en/viruses/encyclopedia?virusid=133781; reference:url,doc.emergingthreats.net/2009806; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_PoisonIvy; sid:2009806; rev:2;)

Added 2011-02-04 17:29:12 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN Poisionivy RAT/Backdoor follow on POST Data PUSH Packet"; flow:established,to_server; flags:AP,12; content:"op="; depth:3; nocase; content:"&servidor="; nocase; content:"&senha="; nocase; content:"&usuario="; nocase; content:"&base="; nocase; content:"&sgdb="; nocase; classtype:trojan-activity; reference:url,www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Backdoor%3AWin32%2FPoisonivy.I&ThreatID=-2147363597; reference:url,www.viruslist.com/en/viruses/encyclopedia?virusid=133781; reference:url,doc.emergingthreats.net/2009806; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_PoisonIvy; sid:2009806; rev:2;)

Added 2009-08-31 16:38:43 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN Poisionivy RAT/Backdoor follow on POST Data PUSH Packet"; flow:established,to_server; flags:AP,12; content:"op="; depth:3; nocase; content:"&servidor="; nocase; content:"&senha="; nocase; content:"&usuario="; nocase; content:"&base="; nocase; content:"&sgdb="; nocase; classtype:trojan-activity; reference:url,www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Backdoor%3AWin32%2FPoisonivy.I&ThreatID=-2147363597; reference:url,www.viruslist.com/en/viruses/encyclopedia?virusid=133781; reference:url,doc.emergingthreats.net/2009806; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_PoisonIvy; sid:2009806; rev:2;)

Added 2009-08-31 16:38:43 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN Poisionivy RAT/Backdoor follow on POST Data PUSH Packet"; flow:established,to_server; flags:AP,12; content:"op="; depth:3; nocase; content:"&servidor="; nocase; content:"&senha="; nocase; content:"&usuario="; nocase; content:"&base="; nocase; content:"&sgdb="; nocase; classtype:trojan-activity; reference:url,www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Backdoor%3AWin32%2FPoisonivy.I&ThreatID=-2147363597; reference:url,www.viruslist.com/en/viruses/encyclopedia?virusid=133781; sid:2009806; rev:1;)

Added 2009-08-28 10:24:51 UTC


Topic revision: r1 - 2015-04-03 - TWikiGuest
 
This site is powered by the TWiki collaboration platform Powered by Perl This site is powered by the TWiki collaboration platformCopyright © Emerging Threats