##alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET DELETED iPhone Bot iKee.B Contacting C&C"; flow:to_server,established; content:"/xml/p.php?id="; http_uri; nocase; pcre:"/\/xml\/p\.php\?id=\d{2,}/Ui"; reference:url,mtc.sri.com/iPhone/; reference:url,doc.emergingthreats.net/2010551; classtype:trojan-activity; sid:2010551; rev:8;)

Added 2011-10-12 19:30:02 UTC


##alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET DELETED iPhone Bot iKee.B Contacting C&C"; flow:to_server,established; content:"/xml/p.php?id="; http_uri; nocase; pcre:"/\/xml\/p\.php\?id=\d{2,}/Ui"; classtype:trojan-activity; reference:url,mtc.sri.com/iPhone/; reference:url,doc.emergingthreats.net/2010551; sid:2010551; rev:8;)

Added 2011-09-14 22:43:13 UTC


##alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET DELETED iPhone Bot iKee.B Contacting C&C"; flow:to_server,established; content:"/xml/p.php?id="; http_uri; nocase; pcre:"/\/xml\/p\.php\?id=\d{2,}/Ui"; classtype:trojan-activity; reference:url,mtc.sri.com/iPhone/; reference:url,doc.emergingthreats.net/2010551; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/CURRENT_EVENTS/CURRENT_Ikee; sid:2010551; rev:8;)

Added 2011-02-04 17:30:08 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET CURRENT_EVENTS iPhone Bot iKee.B Contacting C&C"; flow:to_server,established; uricontent:"/xml/p.php?id="; pcre:"/\/xml\/p\.php\?id=\d{2,}/U"; classtype:trojan-activity; reference:url,mtc.sri.com/iPhone/; reference:url,doc.emergingthreats.net/2010551; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/CURRENT_EVENTS/CURRENT_Ikee; sid:2010551; rev:2;)

Added 2009-12-22 20:30:43 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET CURRENT_EVENTS iPhone Bot iKee.B Contacting C&C"; flow:to_server,established; uricontent:"/xml/p.php?id="; pcre:"/\/xml\/p\.php\?id=\d{2,}/U"; classtype:trojan-activity; reference:url,mtc.sri.com/iPhone/; reference:url,doc.emergingthreats.net/2010551; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/CURRENT_EVENTS/CURRENT_Ikee; sid:2010551; rev:2;)

Added 2009-12-22 20:29:15 UTC


Topic revision: r1 - 2011-10-12 - TWikiGuest
 
This site is powered by the TWiki collaboration platform Powered by Perl This site is powered by the TWiki collaboration platformCopyright © Emerging Threats