#alert udp $HOME_NET 1024: -> $EXTERNAL_NET any (msg:"ET TROJAN Palevo/BFBot/Mariposa client join attempt"; dsize:7; content:"|61|"; depth:1; flowbits:set,ET.MariposaJoin; reference:url,defintel.com/docs/Mariposa_Analysis.pdf; reference:url,defintel.blogspot.com/2009/09/half-of-fortune-100-companies.html; reference:url,doc.emergingthreats.net/2010100; reference:url,blogs.pcmag.com/securitywatch/2009/09/botnet_reported_loose_in_fortu.php; reference:url,www.symantec.com/business/security_response/writeup.jsp?docid=2009-093006-0442-99&tabid=2; reference:url,www.symantec.com/connect/blogs/mariposa-butterfly; classtype:trojan-activity; sid:2010100; rev:7;)

Added 2015-10-05 19:05:52 UTC


alert udp $HOME_NET 1024: -> $EXTERNAL_NET any (msg:"ET TROJAN Palevo/BFBot/Mariposa client join attempt"; dsize:7; content:"|61|"; depth:1; flowbits:set,ET.MariposaJoin; reference:url,defintel.com/docs/Mariposa_Analysis.pdf; reference:url,defintel.blogspot.com/2009/09/half-of-fortune-100-companies.html; reference:url,doc.emergingthreats.net/2010100; reference:url,blogs.pcmag.com/securitywatch/2009/09/botnet_reported_loose_in_fortu.php; reference:url,www.symantec.com/business/security_response/writeup.jsp?docid=2009-093006-0442-99&tabid=2; reference:url,www.symantec.com/connect/blogs/mariposa-butterfly; classtype:trojan-activity; sid:2010100; rev:7;)

Added 2012-08-08 23:16:23 UTC


alert udp $HOME_NET 1024: -> $EXTERNAL_NET any (msg:"ET TROJAN Palevo/BFBot/Mariposa client join attempt"; dsize:7; content:"|61|"; depth:1; flowbits:noalert; flowbits:set,ET.MariposaJoin; reference:url,defintel.com/docs/Mariposa_Analysis.pdf; reference:url,defintel.blogspot.com/2009/09/half-of-fortune-100-companies.html; reference:url,doc.emergingthreats.net/2010100; reference:url,blogs.pcmag.com/securitywatch/2009/09/botnet_reported_loose_in_fortu.php; reference:url,www.symantec.com/business/security_response/writeup.jsp?docid=2009-093006-0442-99&tabid=2; reference:url,www.symantec.com/connect/blogs/mariposa-butterfly; classtype:trojan-activity; sid:2010100; rev:6;)

Added 2011-10-12 19:28:58 UTC


alert udp $HOME_NET 1024: -> $EXTERNAL_NET any (msg:"ET TROJAN Palevo/BFBot/Mariposa client join attempt"; dsize:7; content:"|61|"; depth:1; flowbits:noalert; flowbits:set,ET.MariposaJoin; classtype:trojan-activity; reference:url,defintel.com/docs/Mariposa_Analysis.pdf; reference:url,defintel.blogspot.com/2009/09/half-of-fortune-100-companies.html; reference:url,doc.emergingthreats.net/2010100; reference:url,blogs.pcmag.com/securitywatch/2009/09/botnet_reported_loose_in_fortu.php; reference:url,www.symantec.com/business/security_response/writeup.jsp?docid=2009-093006-0442-99&tabid=2; reference:url,www.symantec.com/connect/blogs/mariposa-butterfly; sid:2010100; rev:6;)

Added 2011-09-14 22:42:14 UTC


alert udp $HOME_NET 1024: -> $EXTERNAL_NET any (msg:"ET TROJAN Palevo/BFBot/Mariposa client join attempt"; dsize:7; content:"|61|"; depth:1; flowbits:noalert; flowbits:set,ET.MariposaJoin; classtype:trojan-activity; reference:url,defintel.com/docs/Mariposa_Analysis.pdf; reference:url,defintel.blogspot.com/2009/09/half-of-fortune-100-companies.html; reference:url,doc.emergingthreats.net/2010100; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_Mariposa; reference:url,blogs.pcmag.com/securitywatch/2009/09/botnet_reported_loose_in_fortu.php; reference:url,www.symantec.com/business/security_response/writeup.jsp?docid=2009-093006-0442-99&tabid=2; reference:url,www.symantec.com/connect/blogs/mariposa-butterfly; sid:2010100; rev:6;)

Added 2011-05-23 18:40:23 UTC


alert udp $HOME_NET 1024: -> $EXTERNAL_NET any (msg:"ET TROJAN Palevo/BFBot/Mariposa client join attempt"; dsize:7; content:"|61|"; depth:1; flowbits:noalert; flowbits:set,ET.MariposaJoin; classtype:trojan-activity; reference:url,defintel.com/docs/Mariposa_Analysis.pdf; reference:url,defintel.blogspot.com/2009/09/half-of-fortune-100-companies.html; reference:url,doc.emergingthreats.net/2010100; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_Mariposa; reference:url,blogs.pcmag.com/securitywatch/2009/09/botnet_reported_loose_in_fortu.php; reference:url,www.symantec.com/business/security_response/writeup.jsp?docid=2009-093006-0442-99&tabid=2; reference:url,www.symantec.com/connect/blogs/mariposa-butterfly; sid:2010100; rev:6;)

Added 2011-05-23 18:25:46 UTC


alert udp $HOME_NET 1024: -> $EXTERNAL_NET 1024: (msg:"ET TROJAN Palevo/BFBot/Mariposa client join attempt"; dsize:7; content:"|61|"; depth:1; flowbits:noalert; flowbits:set,ET.MariposaJoin; classtype:trojan-activity; reference:url,defintel.com/docs/Mariposa_Analysis.pdf; reference:url,defintel.blogspot.com/2009/09/half-of-fortune-100-companies.html; reference:url,doc.emergingthreats.net/2010100; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_Mariposa; reference:url,blogs.pcmag.com/securitywatch/2009/09/botnet_reported_loose_in_fortu.php; reference:url,www.symantec.com/business/security_response/writeup.jsp?docid=2009-093006-0442-99&tabid=2; reference:url,www.symantec.com/connect/blogs/mariposa-butterfly; sid:2010100; rev:5;)

Added 2011-02-04 17:29:34 UTC


alert udp $HOME_NET 1024: -> $EXTERNAL_NET 1024: (msg:"ET TROJAN Palevo/BFBot/Mariposa client join attempt"; dsize:7; content:"|61|"; depth:1; flowbits:noalert; flowbits:set,ET.MariposaJoin; classtype:trojan-activity; reference:url,defintel.com/docs/Mariposa_Analysis.pdf; reference:url,defintel.blogspot.com/2009/09/half-of-fortune-100-companies.html; reference:url,doc.emergingthreats.net/2010100; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_Mariposa; reference:url,blogs.pcmag.com/securitywatch/2009/09/botnet_reported_loose_in_fortu.php; reference:url,www.symantec.com/business/security_response/writeup.jsp?docid=2009-093006-0442-99&tabid=2; reference:url,www.symantec.com/connect/blogs/mariposa-butterfly; sid:2010100; rev:5;)

Added 2009-11-04 19:57:08 UTC


alert udp $HOME_NET 1024: -> $EXTERNAL_NET 1024: (msg:"ET TROJAN Palevo/BFBot/Mariposa client join attempt"; dsize:7; content:"|61|"; depth:1; flowbits:noalert; flowbits:set,ET.MariposaJoin; classtype:trojan-activity; reference:url,defintel.com/docs/Mariposa_Analysis.pdf; reference:url,defintel.blogspot.com/2009/09/half-of-fortune-100-companies.html; reference:url,doc.emergingthreats.net/2010100; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_Mariposa; reference:url,blogs.pcmag.com/securitywatch/2009/09/botnet_reported_loose_in_fortu.php; reference:url,www.symantec.com/business/security_response/writeup.jsp?docid=2009-093006-0442-99&tabid=2; reference:url,www.symantec.com/connect/blogs/mariposa-butterfly; sid:2010100; rev:5;)

Added 2009-11-04 19:57:08 UTC


alert udp $HOME_NET 1024: -> $EXTERNAL_NET 1024: (msg:"ET TROJAN Palevo/BFBot/Mariposa client join attempt"; dsize:7; content:"|61|"; depth:1; classtype:trojan-activity; reference:url,defintel.com/docs/Mariposa_Analysis.pdf; reference:url,defintel.blogspot.com/2009/09/half-of-fortune-100-companies.html; reference:url,doc.emergingthreats.net/2010100; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_Mariposa; reference:url,blogs.pcmag.com/securitywatch/2009/09/botnet_reported_loose_in_fortu.php; reference:url,www.symantec.com/business/security_response/writeup.jsp?docid=2009-093006-0442-99&tabid=2; reference:url,www.symantec.com/connect/blogs/mariposa-butterfly; sid:2010100; rev:4;)

Added 2009-10-16 13:00:38 UTC


alert udp $HOME_NET 1024: -> $EXTERNAL_NET 1024: (msg:"ET TROJAN Palevo/BFBot/Mariposa client join attempt"; dsize:7; content:"|61|"; depth:1; classtype:trojan-activity; reference:url,defintel.com/docs/Mariposa_Analysis.pdf; reference:url,defintel.blogspot.com/2009/09/half-of-fortune-100-companies.html; reference:url,doc.emergingthreats.net/2010100; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_Mariposa; reference:url,blogs.pcmag.com/securitywatch/2009/09/botnet_reported_loose_in_fortu.php; reference:url,www.symantec.com/business/security_response/writeup.jsp?docid=2009-093006-0442-99&tabid=2; reference:url,www.symantec.com/connect/blogs/mariposa-butterfly; sid:2010100; rev:4;)

Added 2009-10-16 13:00:38 UTC


alert udp $HOME_NET 1024: -> $EXTERNAL_NET 3000: (msg:"ET TROJAN Palevo/BFBot/Mariposa client join attempt"; content:"|61|"; depth:1; dsize:7; classtype:trojan-activity; reference:url,defintel.com/docs/Mariposa_Analysis.pdf; reference:url,defintel.blogspot.com/2009/09/half-of-fortune-100-companies.html; reference:url,doc.emergingthreats.net/2010100; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_Mariposa; reference:url,blogs.pcmag.com/securitywatch/2009/09/botnet_reported_loose_in_fortu.php; reference:url,www.symantec.com/business/security_response/writeup.jsp?docid=2009-093006-0442-99&tabid=2; reference:url,www.symantec.com/connect/blogs/mariposa-butterfly; sid:2010100; rev:3;)

Added 2009-10-15 14:06:05 UTC


alert udp $HOME_NET 1024: -> $EXTERNAL_NET 3000: (msg:"ET TROJAN Palevo/BFBot/Mariposa client join attempt"; content:"|61|"; depth:1; dsize:7; classtype:trojan-activity; reference:url,defintel.com/docs/Mariposa_Analysis.pdf; reference:url,defintel.blogspot.com/2009/09/half-of-fortune-100-companies.html; reference:url,doc.emergingthreats.net/2010100; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_Mariposa; reference:url,blogs.pcmag.com/securitywatch/2009/09/botnet_reported_loose_in_fortu.php; reference:url,www.symantec.com/business/security_response/writeup.jsp?docid=2009-093006-0442-99&tabid=2; reference:url,www.symantec.com/connect/blogs/mariposa-butterfly; sid:2010100; rev:3;)

Added 2009-10-15 14:06:05 UTC


alert udp $HOME_NET 1024: -> $EXTERNAL_NET 3000: (msg:"ET TROJAN Mariposa client join attempt"; content:"|61|"; depth:1; dsize:7; classtype:trojan-activity; reference:url,defintel.com/docs/Mariposa_Analysis.pdf; reference:url,defintel.blogspot.com/2009/09/half-of-fortune-100-companies.html; reference:url,doc.emergingthreats.net/2010100; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_Mariposa; sid:2010100; rev:2;)

Added 2009-10-14 20:45:37 UTC


alert udp $HOME_NET 1024: -> $EXTERNAL_NET 3000: (msg:"ET TROJAN Mariposa client join attempt"; content:"|61|"; depth:1; dsize:7; classtype:trojan-activity; reference:url,defintel.com/docs/Mariposa_Analysis.pdf; reference:url,defintel.blogspot.com/2009/09/half-of-fortune-100-companies.html; reference:url,doc.emergingthreats.net/2010100; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_Mariposa; sid:2010100; rev:2;)

Added 2009-10-14 20:45:37 UTC


alert udp $HOME_NET 1024: -> $EXTERNAL_NET 3000: (msg:"ET TROJAN Mariposa client join attempt"; content:"|61|"; depth:1; dsize:7; classtype:trojan-activity; reference:url,defintel.com/docs/Mariposa_Analysis.pdf; reference:url,defintel.blogspot.com/2009/09/half-of-fortune-100-companies.html; sid:2010100; rev:1;)

Added 2009-10-14 14:05:20 UTC


Topic revision: r1 - 2015-10-05 - TWikiGuest
 
This site is powered by the TWiki collaboration platform Powered by Perl This site is powered by the TWiki collaboration platformCopyright © Emerging Threats