alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET MALWARE MSIL.Amiricil.gen HTTP Checkin"; flow:established,to_server; content:"/registerSession.py?"; http_uri; nocase; content:"proj="; http_uri; nocase; content:"&country="; http_uri; nocase; content:"&lang="; http_uri; nocase; content:"&channel="; http_uri; nocase; content:"source="; http_uri; nocase; content:"User-Agent|3a| NSIS_Inetc (Mozilla)"; http_header; reference:url,www.threatexpert.com/report.aspx?md5=af0bbdf6097233e8688c5429aa97bbed; reference:url,doc.emergingthreats.net/2011677; classtype:trojan-activity; sid:2011677; rev:5;)

Added 2011-10-12 19:32:23 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET MALWARE MSIL.Amiricil.gen HTTP Checkin"; flow:established,to_server; content:"/registerSession.py?"; http_uri; nocase; content:"proj="; http_uri; nocase; content:"&country="; http_uri; nocase; content:"&lang="; http_uri; nocase; content:"&channel="; http_uri; nocase; content:"source="; http_uri; nocase; content:"User-Agent|3a| NSIS_Inetc (Mozilla)"; http_header; classtype:trojan-activity; reference:url,www.threatexpert.com/report.aspx?md5=af0bbdf6097233e8688c5429aa97bbed; reference:url,doc.emergingthreats.net/2011677; sid:2011677; rev:5;)

Added 2011-09-14 22:45:12 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET MALWARE MSIL.Amiricil.gen HTTP Checkin"; flow:established,to_server; content:"/registerSession.py?"; http_uri; nocase; content:"proj="; http_uri; nocase; content:"&country="; http_uri; nocase; content:"&lang="; http_uri; nocase; content:"&channel="; http_uri; nocase; content:"source="; http_uri; nocase; content:"User-Agent|3a| NSIS_Inetc (Mozilla)"; http_header; classtype:trojan-activity; reference:url,www.threatexpert.com/report.aspx?md5=af0bbdf6097233e8688c5429aa97bbed; reference:url,doc.emergingthreats.net/2011677; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_Amiricil; sid:2011677; rev:5;)

Added 2011-03-16 18:15:04 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN MSIL.Amiricil.gen HTTP Checkin"; flow:established,to_server; content:"/registerSession.py?"; http_uri; nocase; content:"proj="; http_uri; nocase; content:"&country="; http_uri; nocase; content:"&lang="; http_uri; nocase; content:"&channel="; http_uri; nocase; content:"source="; http_uri; nocase; content:"User-Agent|3a| NSIS_Inetc (Mozilla)"; http_header; classtype:trojan-activity; reference:url,www.threatexpert.com/report.aspx?md5=af0bbdf6097233e8688c5429aa97bbed; reference:url,doc.emergingthreats.net/2011677; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_Amiricil; sid:2011677; rev:5;)

Added 2011-02-04 17:31:26 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN MSIL.Amiricil.gen HTTP Checkin"; flow:established,to_server; uricontent:"/registerSession.py?"; nocase; uricontent:"proj="; nocase; uricontent:"&country="; nocase; uricontent:"&lang="; nocase; uricontent:"&channel="; nocase; uricontent:"source="; nocase; content:"|0d 0a|User-Agent\: NSIS_Inetc (Mozilla)"; classtype:trojan-activity; reference:url,www.threatexpert.com/report.aspx?md5=af0bbdf6097233e8688c5429aa97bbed; reference:url,doc.emergingthreats.net/2011677; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_Amiricil; sid:2011677; rev:2;)

Added 2010-06-18 13:31:11 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN MSIL.Amiricil.gen HTTP Checkin"; flow:established,to_server; uricontent:"/registerSession.py?"; nocase; uricontent:"proj="; nocase; uricontent:"&country="; nocase; uricontent:"&lang="; nocase; uricontent:"&channel="; nocase; uricontent:"source="; nocase; content:"|0d 0a|User-Agent\: NSIS_Inetc (Mozilla)"; classtype:trojan-activity; reference:url,www.threatexpert.com/report.aspx?md5=af0bbdf6097233e8688c5429aa97bbed; reference:url,doc.emergingthreats.net/2011677; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_Amiricil; sid:2011677; rev:2;)

Added 2010-06-18 13:31:11 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN MSIL.Amiricil.gen HTTP Checkin"; flow:established,to_server; uricontent:"/registerSession.py?"; nocase; uricontent:"proj="; nocase; uricontent:"&country="; nocase; uricontent:"&lang="; nocase; uricontent:"&channel="; nocase; uricontent:"source="; nocase; content:"|0d 0a|User-Agent\: NSIS_Inetc (Mozilla)"; classtype:trojan-activity; reference:url,www.threatexpert.com/report.aspx?md5=af0bbdf6097233e8688c5429aa97bbed; sid:2011677; rev:1;)

Added 2010-06-16 09:30:59 UTC


Topic revision: r1 - 2011-10-12 - TWikiGuest
 
This site is powered by the TWiki collaboration platform Powered by Perl This site is powered by the TWiki collaboration platformCopyright © Emerging Threats