# sid 2010744, rev 4: flags an Oficla C&C instruction block in an HTTP response sent to a $HOME_NET host.
# flow:established,to_client restricts inspection to server-to-client data on an established session.
# file_data points the content matches that follow at the response body instead of the raw stream.
# Match order matters: "[info]delay:" first, then "|upd:" inside the 20 bytes after it, then "[/info]"
# anywhere after that (distance:0). |3a| and |7c| are the hex forms of ':' and '|'.
# NOTE(review): the first content has no depth, so the block is matched anywhere in the body; a page that
# merely quotes a sample response would also alert. depth:12 on the first content would pin it to the
# start of the body, roughly as the |0d 0a 0d 0a| prefix did in rev 3 - confirm against captures first.
# NOTE(review): the source port is limited to $HTTP_PORTS, so a server answering on a port outside that
# variable is not covered by this rule.
alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"ET TROJAN Oficla Russian Malware Bundle C&C instruction response (2)"; flow:established,to_client; file_data; content:"[info]delay|3a|"; content:"|7c|upd|3a|"; within:20; content:"[/info]"; distance:0; reference:url,malwarelab.org/2009/11/russian-malware-bundle/; reference:url,doc.emergingthreats.net/2010744; classtype:trojan-activity; sid:2010744; rev:4;)

Added 2011-10-12 19:30:29 UTC


# sid 2010744, rev 4 (earlier snapshot): same header, flow, file_data and content chain as the entry at
# the top of the page; only the position of classtype relative to the reference keywords differs, which
# does not change what is matched.
# The three contents are evaluated in order: "[info]delay:", then "|upd:" inside the following 20 bytes,
# then "[/info]" anywhere after it (distance:0).
alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"ET TROJAN Oficla Russian Malware Bundle C&C instruction response (2)"; flow:established,to_client; file_data; content:"[info]delay|3a|"; content:"|7c|upd|3a|"; within:20; content:"[/info]"; distance:0; classtype:trojan-activity; reference:url,malwarelab.org/2009/11/russian-malware-bundle/; reference:url,doc.emergingthreats.net/2010744; sid:2010744; rev:4;)

Added 2011-09-14 22:43:40 UTC


# sid 2010744, rev 4 (first snapshot of this revision): the header terminator |0d 0a 0d 0a| has been
# dropped from the first content and file_data added, so matching is done against the response body.
# Content chain: "[info]delay:", then "|upd:" inside the following 20 bytes, then "[/info]" after it.
# This snapshot still carries the cvsweb reference URL that the later rev 4 entries on this page omit.
alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"ET TROJAN Oficla Russian Malware Bundle C&C instruction response (2)"; flow:established,to_client; file_data; content:"[info]delay|3a|"; content:"|7c|upd|3a|"; within:20; content:"[/info]"; distance:0; classtype:trojan-activity; reference:url,malwarelab.org/2009/11/russian-malware-bundle/; reference:url,doc.emergingthreats.net/2010744; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_Unknown; sid:2010744; rev:4;)

Added 2011-02-04 17:30:23 UTC


# sid 2010744, rev 3: no file_data here, so the contents are matched against the raw TCP payload.
# The first content includes |0d 0a 0d 0a| (CRLF CRLF), which ties "[info]delay:" to the bytes directly
# after the end of the HTTP headers.
# "|upd:" must then appear inside the following 20 bytes, and "[/info]" anywhere after it (distance:0).
# NOTE(review): because the header terminator and the marker are one pattern, this form presumably needs
# both in the same inspected buffer, and a body that is chunked or compressed would not match - verify.
alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"ET TROJAN Oficla Russian Malware Bundle C&C instruction response (2)"; flow:established,to_client; content:"|0d 0a 0d 0a|[info]delay|3a|"; content:"|7c|upd|3a|"; within:20; content:"[/info]"; distance:0; classtype:trojan-activity; reference:url,malwarelab.org/2009/11/russian-malware-bundle/; reference:url,doc.emergingthreats.net/2010744; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_Unknown; sid:2010744; rev:3;)

Added 2010-03-24 09:30:56 UTC


# sid 2010744, rev 3: byte-for-byte the same rule as the preceding rev 3 entry on this page, listed with
# the same "Added" timestamp.
# Raw-stream match: CRLF CRLF immediately followed by "[info]delay:", then "|upd:" inside the following
# 20 bytes, then "[/info]" anywhere after it (distance:0).
alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"ET TROJAN Oficla Russian Malware Bundle C&C instruction response (2)"; flow:established,to_client; content:"|0d 0a 0d 0a|[info]delay|3a|"; content:"|7c|upd|3a|"; within:20; content:"[/info]"; distance:0; classtype:trojan-activity; reference:url,malwarelab.org/2009/11/russian-malware-bundle/; reference:url,doc.emergingthreats.net/2010744; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_Unknown; sid:2010744; rev:3;)

Added 2010-03-24 09:30:56 UTC


# sid 2010744, rev 2: same header, flow and content chain as the rev 3 entries on this page.
# Raw-stream match: CRLF CRLF immediately followed by "[info]delay:", then "|upd:" inside the following
# 20 bytes, then "[/info]" anywhere after it (distance:0).
# NOTE(review): the doc.emergingthreats.net reference in this revision ends in 2010724 while the sid is
# 2010744; the later revisions on this page use 2010744, so follow those when looking up the rule.
alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"ET TROJAN Oficla Russian Malware Bundle C&C instruction response (2)"; flow:established,to_client; content:"|0d 0a 0d 0a|[info]delay|3a|"; content:"|7c|upd|3a|"; within:20; content:"[/info]"; distance:0; classtype:trojan-activity; reference:url,malwarelab.org/2009/11/russian-malware-bundle/; reference:url,doc.emergingthreats.net/2010724; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_Unknown; sid:2010744; rev:2;)

Added 2010-01-29 11:39:57 UTC

HTTP/1.1 200 OK
Date: Mon, 01 Feb 2010 14:57:10 GMT
Server: Apache/2.2.3 (Debian) PHP/5.2.0-8+etch16
X-Powered-By: PHP/5.2.0-8+etch16
Content-Length: 37
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: text/html

[info]delay:30|upd:1|backurls:[/info]

-- JackPepper - 01 Feb 2010


Topic revision: r2 - 2010-02-01 - JackPepper
 