alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN Stupid Stealer C&C Communication (2)"; flow:established,to_server; content:"action=add"; nocase; http_uri; content:"&status="; nocase; http_uri; content:"&wmid="; nocase; http_uri; content:"&os="; nocase; http_uri; content:"&pcname="; http_uri; nocase; reference:url,amada.abuse.ch/?search=f4bf4fb71d0846b0d43f22f0a77253fb; classtype:trojan-activity; sid:2011371; rev:2;)

Added 2011-10-12 19:31:52 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN Stupid Stealer C&C Communication (2)"; flow:established,to_server; content:"action=add"; nocase; http_uri; content:"&status="; nocase; http_uri; content:"&wmid="; nocase; http_uri; content:"&os="; nocase; http_uri; content:"&pcname="; http_uri; nocase; classtype:trojan-activity; reference:url,amada.abuse.ch/?search=f4bf4fb71d0846b0d43f22f0a77253fb; sid:2011371; rev:2;)

Added 2011-02-04 17:31:11 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN Stupid Stealer C&C Communication (2)"; flow:established,to_server; uricontent:"action=add"; nocase; uricontent:"&status="; nocase; uricontent:"&wmid="; nocase; uricontent:"&os="; nocase; uricontent:"&pcname="; nocase; classtype:trojan-activity; reference:url,amada.abuse.ch/?search=f4bf4fb71d0846b0d43f22f0a77253fb; reference:url,doc.emergingthreats.net/2011371; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_Stupid_Stealer; sid:2011371; rev:2;)

Added 2010-08-19 16:58:23 UTC


Topic revision: r1 - 2011-10-12 - TWikiGuest
 
This site is powered by the TWiki collaboration platform Powered by Perl This site is powered by the TWiki collaboration platformCopyright © Emerging Threats