# sid 2011996, rev 13 (Suricata syntax: "alert http", http_user_agent).
# Alerts on an established, client-to-server HTTP request from $HOME_NET when all hold:
#   - the URI contains ".php?uid=" (case-insensitive) followed later by "&ver=";
#   - the pcre, run on the normalized URI (/U), sees the URI end in
#     ".php?uid=<5-6 digits>&ver=<no '&'>" with an optional "&traff=<digits>";
#   - the header buffer holds no literal "Accept:" (|3a| is ':'); the match is
#     case-sensitive and an "Accept-Encoding:" header alone does not satisfy it;
#   - the User-Agent begins with "darkness": depth:8 on an 8-byte pattern pins it
#     to offset 0, and with no nocase a differently-cased agent will not match.
# "alert http ... any" keys on the detected protocol, not on $HTTP_PORTS, so requests
# on non-standard ports are in scope.
# metadata: updated_at equals created_at despite rev:13, so do not use it to date the
# last change to this rule.
# The reference URLs (including four sample-report md5 values) are triage pivots only.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Darkness DDoS? Bot Checkin"; flow:established,to_server; content:".php?uid="; nocase; http_uri; content:"&ver="; distance:0; http_uri; content:!"Accept|3a|"; http_header; pcre:"/\.php\?uid=\d{5,6}&ver=[^&]+(&traff=\d+)?$/U"; content:"darkness"; depth:8; http_user_agent; fast_pattern; reference:url,www.shadowserver.org/wiki/pmwiki.php/Calendar/20101205; reference:url,ef.kaffenews.com/?p=833; reference:url,www.threatexpert.com/report.aspx?md5=55edeb8742f0c38aaa3d984eb4205c68; reference:url,www.threatexpert.com/report.aspx?md5=60c84bb1ca03f80ca385f16946322440; reference:url,www.threatexpert.com/report.aspx?md5=7fcebf5bd67cede35d08bedd683e3524; reference:url,www.threatexpert.com/report.aspx?md5=778113cc4e758ed65de0123bb79cbd1f; classtype:trojan-activity; sid:2011996; rev:13; metadata:created_at 2010_12_06, updated_at 2010_12_06;)

Added 2017-08-07 21:05:04 UTC


# sid 2011996, rev 13, listed without a metadata keyword.
# Detection logic: outbound HTTP request whose normalized URI ends in
# ".php?uid=<5-6 digits>&ver=<value>" (optional "&traff=<digits>"), that has no
# literal "Accept:" header, and whose User-Agent starts with lowercase "darkness"
# (depth:8, case-sensitive, used as the fast_pattern).
# Two entries on this page carry rev:13, so sid+rev alone does not tell them apart;
# compare the full rule text when checking which copy a sensor has loaded.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Darkness DDoS? Bot Checkin"; flow:established,to_server; content:".php?uid="; nocase; http_uri; content:"&ver="; distance:0; http_uri; content:!"Accept|3a|"; http_header; pcre:"/\.php\?uid=\d{5,6}&ver=[^&]+(&traff=\d+)?$/U"; content:"darkness"; depth:8; http_user_agent; fast_pattern; reference:url,www.shadowserver.org/wiki/pmwiki.php/Calendar/20101205; reference:url,ef.kaffenews.com/?p=833; reference:url,www.threatexpert.com/report.aspx?md5=55edeb8742f0c38aaa3d984eb4205c68; reference:url,www.threatexpert.com/report.aspx?md5=60c84bb1ca03f80ca385f16946322440; reference:url,www.threatexpert.com/report.aspx?md5=7fcebf5bd67cede35d08bedd683e3524; reference:url,www.threatexpert.com/report.aspx?md5=778113cc4e758ed65de0123bb79cbd1f; classtype:trojan-activity; sid:2011996; rev:13;)

Added 2015-03-12 18:50:23 UTC


# sid 2011996, rev 10.
# "alert tcp ... $HTTP_PORTS": inspection is limited to the ports configured in
# $HTTP_PORTS, so a check-in sent to any other destination port is not examined.
# Matches a client-to-server request whose normalized URI ends in
# ".php?uid=<5-6 digits>&ver=<value>" (optional "&traff=<digits>") and whose headers
# contain no literal "Accept:".
# This revision has no User-Agent condition and no fast_pattern, so it rests on the URI
# shape plus the missing Accept header.
# NOTE(review): other clients that omit Accept and use uid/ver parameters would
# presumably also alert; confirm against local traffic before treating a hit as confirmed.
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN Darkness DDoS? Bot Checkin"; flow:established,to_server; content:".php?uid="; nocase; http_uri; content:"&ver="; distance:0; http_uri; content:!"Accept|3a|"; http_header; pcre:"/\.php\?uid=\d{5,6}&ver=[^&]+(&traff=\d+)?$/U"; reference:url,www.shadowserver.org/wiki/pmwiki.php/Calendar/20101205; reference:url,ef.kaffenews.com/?p=833; reference:url,www.threatexpert.com/report.aspx?md5=55edeb8742f0c38aaa3d984eb4205c68; reference:url,www.threatexpert.com/report.aspx?md5=60c84bb1ca03f80ca385f16946322440; reference:url,www.threatexpert.com/report.aspx?md5=7fcebf5bd67cede35d08bedd683e3524; reference:url,www.threatexpert.com/report.aspx?md5=778113cc4e758ed65de0123bb79cbd1f; classtype:trojan-activity; sid:2011996; rev:10;)

Added 2013-11-25 18:40:13 UTC


# sid 2011996, rev 8.
# Matches a client-to-server request on $HTTP_PORTS whose normalized URI ends in
# ".php?uid=<digits>&ver=<value>" with an optional "&traff=<digits>".
# The uid quantifier is \d*, so any digit count is accepted, including an empty uid.
# There is no header or User-Agent condition in this revision: the URI pattern is the
# only discriminator, which makes this the loosest form of the rule on this page.
# A sensor still running this revision should expect more noise than with a
# revision that also constrains the headers.
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN Darkness DDoS? Bot Checkin"; flow:established,to_server; content:".php?uid="; nocase; http_uri; content:"&ver="; distance:0; http_uri; pcre:"/\.php\?uid=\d*&ver=[^&]+(&traff=\d+)?$/U"; reference:url,www.shadowserver.org/wiki/pmwiki.php/Calendar/20101205; reference:url,ef.kaffenews.com/?p=833; reference:url,www.threatexpert.com/report.aspx?md5=55edeb8742f0c38aaa3d984eb4205c68; reference:url,www.threatexpert.com/report.aspx?md5=60c84bb1ca03f80ca385f16946322440; reference:url,www.threatexpert.com/report.aspx?md5=7fcebf5bd67cede35d08bedd683e3524; reference:url,www.threatexpert.com/report.aspx?md5=778113cc4e758ed65de0123bb79cbd1f; classtype:trojan-activity; sid:2011996; rev:8;)

Added 2011-10-12 19:33:14 UTC


# sid 2011996, rev 6 (lowest revision shown on this page).
# Matches a client-to-server request on $HTTP_PORTS whose normalized URI ends in
# ".php?uid=<exactly 6 digits>&ver=<value>" with an optional "&traff=<digits>".
# \d{6} is strict: a bot reporting a uid of any other length does not alert.
# There is no header or User-Agent condition; the URI pattern is the only discriminator.
# classtype appears before the reference keywords here; this affects only the order of
# the options in the rule text.
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN Darkness DDoS? Bot Checkin"; flow:established,to_server; content:".php?uid="; nocase; http_uri; content:"&ver="; distance:0; http_uri; pcre:"/\.php\?uid=\d{6}&ver=[^&]+(&traff=\d+)?$/U"; classtype:trojan-activity; reference:url,www.shadowserver.org/wiki/pmwiki.php/Calendar/20101205; reference:url,ef.kaffenews.com/?p=833; reference:url,www.threatexpert.com/report.aspx?md5=55edeb8742f0c38aaa3d984eb4205c68; reference:url,www.threatexpert.com/report.aspx?md5=60c84bb1ca03f80ca385f16946322440; reference:url,www.threatexpert.com/report.aspx?md5=7fcebf5bd67cede35d08bedd683e3524; reference:url,www.threatexpert.com/report.aspx?md5=778113cc4e758ed65de0123bb79cbd1f; sid:2011996; rev:6;)

Added 2011-02-04 17:31:50 UTC

