#alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET DELETED Pinkslipbot Trojan Downloader"; flow:to_server,established; uricontent:"/jl/jloader.pl?u="; nocase; content:"&it=2"; nocase; http_uri; content:"&b="; nocase; http_uri; content:"&n="; nocase; http_uri; pcre:"/\x26n\x3d[a-z]{5}\d{4}/U"; reference:url,doc.emergingthreats.net/2010742; classtype:trojan-activity; sid:2010742; rev:4; metadata:affected_product Any, attack_target Client_Endpoint, deployment Perimeter, tag Trojan_Downloader, signature_severity Major, created_at 2010_07_30, updated_at 2016_07_01;)

Added 2017-08-07 21:03:52 UTC


#alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET DELETED Pinkslipbot Trojan Downloader"; flow:to_server,established; content:"/jl/jloader.pl?"; nocase; http_uri; content:"&it=2"; nocase; http_uri; content:"&b="; nocase; http_uri; content:"&n="; nocase; http_uri; pcre:"/\x26n\x3d[a-z]{5}\d{4}/U"; reference:url,doc.emergingthreats.net/2010742; classtype:trojan-activity; sid:2010742; rev:4;)

Added 2011-10-12 19:30:28 UTC


#alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET DELETED Pinkslipbot Trojan Downloader"; flow:to_server,established; content:"/jl/jloader.pl?"; nocase; http_uri; content:"&it=2"; nocase; http_uri; content:"&b="; nocase; http_uri; content:"&n="; nocase; http_uri; pcre:"/\x26n\x3d[a-z]{5}\d{4}/U"; classtype:trojan-activity; reference:url,doc.emergingthreats.net/2010742; sid:2010742; rev:4;)

Added 2011-09-14 22:43:39 UTC


#alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET DELETED Pinkslipbot Trojan Downloader"; flow:to_server,established; content:"/jl/jloader.pl?"; nocase; http_uri; content:"&it=2"; nocase; http_uri; content:"&b="; nocase; http_uri; content:"&n="; nocase; http_uri; pcre:"/\x26n\x3d[a-z]{5}\d{4}/U"; classtype:trojan-activity; reference:url,doc.emergingthreats.net/2010742; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/CURRENT_EVENTS/CURRENT_Pinkslipbot; sid:2010742; rev:4;)

Added 2011-04-22 14:56:31 UTC


#alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET DELETED Pinkslipbot Trojan Downloader"; flow:to_server,established; content:"/jl/jloader.pl?u="; nocase; http_uri; classtype:trojan-activity; reference:url,doc.emergingthreats.net/2010742; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/CURRENT_EVENTS/CURRENT_Pinkslipbot; sid:2010742; rev:3;)

Added 2011-02-04 17:30:23 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET CURRENT_EVENTS Pinkslipbot Trojan Downloader"; flow:to_server,established; uricontent:"/jl/jloader.pl?u="; nocase; classtype:trojan-activity; reference:url,doc.emergingthreats.net/2010742; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/CURRENT_EVENTS/CURRENT_Pinkslipbot; sid:2010742; rev:2;)

Added 2010-01-29 11:39:57 UTC


Topic revision: r1 - 2017-08-08 - TWikiGuest
 
This site is powered by the TWiki collaboration platform Powered by Perl This site is powered by the TWiki collaboration platformCopyright © Emerging Threats