alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Possible Worm W32.Svich or Other Infection Request for setting.ini"; flow:established,to_server; content:"/setting.ini"; nocase; http_uri; reference:url,www.threatexpert.com/report.aspx?md5=fcb828c0b735ea8d560a45b3bdd29b94; reference:url,www.threatexpert.com/report.aspx?md5=36d9a446d6311f9a4c19865e2b62f15d; classtype:trojan-activity; sid:2012198; rev:5;)

Added 2014-09-12 16:28:29 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET CURRENT_EVENTS Possible Worm W32.Svich or Other Infection Request for setting.ini"; flow:established,to_server; content:"/setting.ini"; nocase; http_uri; reference:url,www.threatexpert.com/report.aspx?md5=fcb828c0b735ea8d560a45b3bdd29b94; reference:url,www.threatexpert.com/report.aspx?md5=36d9a446d6311f9a4c19865e2b62f15d; classtype:trojan-activity; sid:2012198; rev:1;)

Added 2011-10-12 19:33:41 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET CURRENT_EVENTS Possible Worm W32.Svich or Other Infection Request for setting.ini"; flow:established,to_server; content:"/setting.ini"; nocase; http_uri; classtype:trojan-activity; reference:url,www.threatexpert.com/report.aspx?md5=fcb828c0b735ea8d560a45b3bdd29b94; reference:url,www.threatexpert.com/report.aspx?md5=36d9a446d6311f9a4c19865e2b62f15d; sid:2012198; rev:1;)

Added 2011-02-04 17:32:06 UTC


Topic revision: r1 - 2014-09-12 - TWikiGuest
 
This site is powered by the TWiki collaboration platform Powered by Perl This site is powered by the TWiki collaboration platformCopyright © Emerging Threats