alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN Java Exploit Download payload likely Hiloti"; uricontent:".html/"; nocase; content:!"|0d 0a|Referer\: "; nocase; content:") Java/"; nocase; pcre:"/\/[a-z0-9]+\/[a-z0-9]+\.html\/[a-z0-9]{62,}$/Ui"; classtype:trojan-activity; reference:url,www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Trojan%3AWin32%2FHiloti.gen!D; reference:url,doc.emergingthreats.net/2011102; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_Hiltoi; sid:2011102; rev:3;)

Added 2010-05-11 13:01:00 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN Java Exploit Download payload likely Hiloti"; uricontent:".html/"; nocase; content:!"|0d 0a|Referer\: "; nocase; content:") Java/"; nocase; pcre:"/\/[a-z0-9]+\/[a-z0-9]+\.html\/[a-z0-9]{62,}$/Ui"; classtype:trojan-activity; reference:url,www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Trojan%3AWin32%2FHiloti.gen!D; reference:url,doc.emergingthreats.net/2011102; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_Hiltoi; sid:2011102; rev:3;)

Added 2010-05-11 13:01:00 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN Java Exploit Download payload likely Hiloti"; uricontent:".html/"; nocase; content:!"|0d 0a|Referer\: "; content:") Java/"; pcre:"/\/[a-z0-9]+\/[a-z0-9]+\.html\/[a-z0-9]{62,}$/Ui"; classtype:trojan-activity; reference:url,www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Trojan%3AWin32%2FHiloti.gen!D; reference:url,doc.emergingthreats.net/2011102; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_Hiltoi; sid:2011102; rev:3;)

Added 2010-05-11 12:45:58 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN Java Exploit Download payload likely Hiloti"; uricontent:".html/"; nocase; content:!"|0d 0a|Referer\: "; content:") Java/"; pcre:"/\/[a-z0-9]+\/[a-z0-9]+\.html\/[a-z0-9]{62,}$/Ui"; classtype:trojan-activity; reference:url,www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Trojan%3AWin32%2FHiloti.gen!D; reference:url,doc.emergingthreats.net/2011102; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_Hiltoi; sid:2011102; rev:3;)

Added 2010-05-11 12:45:58 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN Java Exploit Download payload likely Hiltoi"; uricontent:".html/"; nocase; content:!"|0d 0a|Referer\: "; content:") Java/"; pcre:"/\/[a-z0-9]+\/[a-z0-9]+\.html\/[a-z0-9]{62,}$/Ui"; classtype:trojan-activity; reference:url,www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Trojan%3AWin32%2FHiloti.gen!D; sid:2011102; rev:1;)

Added 2010-05-10 17:46:00 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN Java Exploit Download payload likely Hiltoi"; uricontent:".html/"; nocase; content:!"|0d 0a|Referer\: "; content:") Java/"; pcre:"/\/[a-z0-9]+\/[a-z0-9]+\.html\/[a-z0-9]{62,}$/Ui"; classtype:trojan-activity; reference:url,www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Trojan%3AWin32%2FHiloti.gen!D; sid:2011102; rev:1;)

Added 2010-05-10 17:41:14 UTC


Topic revision: r1 - 2010-05-11 - TWikiGuest
 
This site is powered by the TWiki collaboration platform Powered by Perl This site is powered by the TWiki collaboration platformCopyright © Emerging Threats