#alert tcp $HOME_NET any -> 212.26.42.47 9090 (msg:"ET DELETED Possible ProFTPD? Backdoor Initiate Attempt"; flow:to_server; reference:url,xorl.wordpress.com/2010/12/02/news-proftpd-owned-and-backdoored/; reference:url, sourceforge.net/mailarchive/message.php?msg_name=alpine.DEB.2.00.1012011542220.12930%40familiar.castaglia.org; reference:url,slashdot.org/story/10/12/02/131214/ProFTPDorg-Compromised-Backdoor-Distributed; classtype:trojan-activity; sid:2011992; rev:3; metadata:created_at 2010_12_02, updated_at 2010_12_02;)

Added 2017-08-07 21:05:04 UTC


##alert tcp $HOME_NET any -> 212.26.42.47 9090 (msg:"ET DELETED Possible ProFTPD? Backdoor Initiate Attempt"; flow:to_server; reference:url,xorl.wordpress.com/2010/12/02/news-proftpd-owned-and-backdoored/; reference:url, sourceforge.net/mailarchive/message.php?msg_name=alpine.DEB.2.00.1012011542220.12930%40familiar.castaglia.org; reference:url,slashdot.org/story/10/12/02/131214/ProFTPDorg-Compromised-Backdoor-Distributed; classtype:trojan-activity; sid:2011992; rev:3;)

Added 2013-02-05 17:13:55 UTC


#alert tcp $HOME_NET any -> 212.26.42.47 9090 (msg:"ET CURRENT_EVENTS Possible ProFTPD? Backdoor Initiate Attempt"; flow:to_server; reference:url,xorl.wordpress.com/2010/12/02/news-proftpd-owned-and-backdoored/; reference:url, sourceforge.net/mailarchive/message.php?msg_name=alpine.DEB.2.00.1012011542220.12930%40familiar.castaglia.org; reference:url,slashdot.org/story/10/12/02/131214/ProFTPDorg-Compromised-Backdoor-Distributed; classtype:trojan-activity; sid:2011992; rev:2;)

Added 2011-10-12 19:33:13 UTC


#alert tcp $HOME_NET any -> 212.26.42.47 9090 (msg:"ET CURRENT_EVENTS Possible ProFTPD? Backdoor Initiate Attempt"; flow:to_server; classtype: trojan-activity; reference:url,xorl.wordpress.com/2010/12/02/news-proftpd-owned-and-backdoored/; reference:url, sourceforge.net/mailarchive/message.php?msg_name=alpine.DEB.2.00.1012011542220.12930%40familiar.castaglia.org; reference:url,slashdot.org/story/10/12/02/131214/ProFTPDorg-Compromised-Backdoor-Distributed; sid:2011992; rev:2;)

Added 2011-03-01 18:50:39 UTC


alert tcp $HOME_NET any -> 212.26.42.47 9090 (msg:"ET CURRENT_EVENTS Possible ProFTPD? Backdoor Initiate Attempt"; flow:to_server; classtype: trojan-activity; reference:url,xorl.wordpress.com/2010/12/02/news-proftpd-owned-and-backdoored/; reference:url, sourceforge.net/mailarchive/message.php?msg_name=alpine.DEB.2.00.1012011542220.12930%40familiar.castaglia.org; reference:url,slashdot.org/story/10/12/02/131214/ProFTPDorg-Compromised-Backdoor-Distributed; sid:2011992; rev:2;)

Added 2011-02-04 17:31:50 UTC


Topic revision: r1 - 2017-08-08 - TWikiGuest
 
This site is powered by the TWiki collaboration platform Powered by Perl This site is powered by the TWiki collaboration platformCopyright © Emerging Threats