# sid 2011578 rev 2: alerts on an outbound HTTP request ($HOME_NET client to an
# $EXTERNAL_NET server on $HTTP_PORTS, established flow, to_server direction)
# whose URI contains "/getfile.php?r=" and "&p=". The pcre then requires r= to be
# an optionally negative integer immediately followed by "&p=".
# NOTE(review): both content matches are nocase but the pcre has no /i flag, so
# only the lower-case form of the path satisfies the whole rule; confirm that
# this is intended.
# NOTE(review): the URI pattern is short and generic, and the msg itself carries
# a "?", so treat a hit as a lead: corroborate it with the destination host and
# the sample hashes in the reference options. Requests to ports outside
# $HTTP_PORTS are not inspected by this rule.
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN DNSTrojan FakeAV? Dropper Activity Observed (2)"; flow:established,to_server; content:"/getfile.php?r="; http_uri; nocase; content:"&p="; http_uri; nocase; pcre:"/\/getfile\.php\?r=-?\d+&p=/U"; reference:url,www.abuse.ch/?p=2740; reference:url,www.abuse.ch/?p=2796; reference:url,www.threatexpert.com/report.aspx?md5=c59cdd1366dd5c2f448c03738ec0dc88; reference:url,www.threatexpert.com/report.aspx?md5=b93360ec3798215a5cca573747df0139; classtype:trojan-activity; sid:2011578; rev:2;)

Added 2011-10-12 19:32:19 UTC


# sid 2011578 rev 2, with classtype placed before the reference options; the
# position of these metadata options does not change what is matched.
# Detection: established client-to-server HTTP traffic from $HOME_NET to
# $EXTERNAL_NET on $HTTP_PORTS whose URI contains "/getfile.php?r=" and "&p="
# (both nocase, http_uri buffer) and matches the pcre r=<optional "-"><digits>&p=.
# NOTE(review): the pcre is case-sensitive (no /i), which narrows the nocase
# content matches; confirm that this is intended.
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN DNSTrojan FakeAV? Dropper Activity Observed (2)"; flow:established,to_server; content:"/getfile.php?r="; http_uri; nocase; content:"&p="; http_uri; nocase; pcre:"/\/getfile\.php\?r=-?\d+&p=/U"; classtype:trojan-activity; reference:url,www.abuse.ch/?p=2740; reference:url,www.abuse.ch/?p=2796; reference:url,www.threatexpert.com/report.aspx?md5=c59cdd1366dd5c2f448c03738ec0dc88; reference:url,www.threatexpert.com/report.aspx?md5=b93360ec3798215a5cca573747df0139; sid:2011578; rev:2;)

Added 2011-02-04 17:31:24 UTC


# sid 2011578 rev 1: original form of the rule, written with the legacy
# uricontent keyword (a search of the normalized request URI) instead of
# content + http_uri. Header, flow options and pcre are the same as in rev 2:
# outbound established HTTP requests whose URI contains "/getfile.php?r=" and
# "&p=", with r= an optionally negative integer directly followed by "&p=".
# NOTE(review): uricontent is deprecated in current engines; prefer the rev 2
# text when deploying. As in rev 2, the pcre has no /i flag, so it is stricter
# on case than the nocase uricontent matches.
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN DNSTrojan FakeAV? Dropper Activity Observed (2)"; flow:established,to_server; uricontent:"/getfile.php?r="; nocase; uricontent:"&p="; nocase; pcre:"/\/getfile\.php\?r=-?\d+&p=/U"; classtype:trojan-activity; reference:url,www.abuse.ch/?p=2740; reference:url,www.abuse.ch/?p=2796; reference:url,www.threatexpert.com/report.aspx?md5=c59cdd1366dd5c2f448c03738ec0dc88; reference:url,www.threatexpert.com/report.aspx?md5=b93360ec3798215a5cca573747df0139; sid:2011578; rev:1;)

Topic revision: r1 - 2010-10-28 - PhilipPlantamura
 