alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN wisp backdoor detected reporting"; flow:established,to_server; content:"getkys.kys"; nocase; http_uri; content:"hostname="; nocase; http_uri; classtype:trojan-activity; sid:2011395; rev:2;)

Added 2011-10-12 19:31:55 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN wisp backdoor detected reporting"; flow:established,to_server; content:"getkys.kys"; nocase; http_uri; content:"hostname="; nocase; http_uri; classtype:trojan-activity; sid:2011395; rev:2;)

Added 2011-02-04 17:31:12 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN wisp backdoor detected reporting"; flow:established,to_server; uricontent:"getkys.kys"; nocase; uricontent:"hostname="; nocase; classtype:trojan-activity; reference:url,doc.emergingthreats.net/2011395; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_Wisp; sid:2011395; rev:2;)

Added 2010-08-31 16:04:32 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN wisp backdoor detected reporting"; flow:established,to_server; uricontent:"getkys.kys"; nocase; uricontent:"hostname="; nocase; classtype:trojan-activity; reference:url,doc.emergingthreats.net/2011395; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_Wisp; sid:2011395; rev:2;)

Added 2010-08-31 16:04:32 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN wisp backdoor detected reporting"; flow:established,to_server; uricontent:"getkys.kys"; nocase; uricontent:"hostname="; nocase; classtype:trojan-activity; sid:2011395; rev:1;)

Added 2010-08-27 10:25:39 UTC


Topic revision: r1 - 2011-10-12 - TWikiGuest
 
This site is powered by the TWiki collaboration platform Powered by Perl This site is powered by the TWiki collaboration platformCopyright © Emerging Threats