# sid 2012633, rev 3 -- DISABLED: the leading '#' comments the rule out and the msg
# carries the "ET DELETED" prefix, so this revision produces no alerts when loaded as-is.
# Differences from the rev:2 entries on this page: protocol is `http` instead of `tcp`,
# the source port is `any` instead of $HTTP_PORTS, and a metadata keyword was added.
# Detection logic is unchanged: a server-to-client stream (flow:established,from_server)
# that contains the header "Content-Type: image/jpeg\r\n", then "MZ", then the DOS stub
# string, each located after the previous match (distance:0).
# No HTTP buffer keywords are used, so these read as plain payload content matches
# (NOTE(review): confirm against the engine version in use).
# NOTE(review): metadata says updated_at 2011_04_05 although this entry was added in 2017
# with a new rev; the page gives no reason for the retirement and names no replacement
# sid -- check the ruleset before assuming this behaviour is still covered.
#alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET DELETED Content-Type image/jpeg with DOS MZ header set likely 2nd stage download"; flow:established,from_server; content:"Content-Type|3a 20|image/jpeg|0d 0a|"; content:"MZ"; distance:0; content:"This program cannot be run in DOS mode"; fast_pattern; distance:0; classtype:trojan-activity; sid:2012633; rev:3; metadata:created_at 2011_04_05, updated_at 2011_04_05;)

Added 2017-08-07 21:05:47 UTC


# sid 2012633, rev 2 -- DISABLED: commented out with a leading '#', and the msg prefix is
# "ET DELETED" where the earlier entries on this page say "ET TROJAN".
# The match itself is the same as the active rev:2 entries: server-to-client traffic from
# $HTTP_PORTS whose stream contains "Content-Type: image/jpeg\r\n", then "MZ", then the
# DOS stub string, in that order (distance:0 on the second and third content).
# NOTE(review): rev stays at 2 even though the msg and the enabled state changed, so
# tooling that tracks updates by sid/rev alone would not notice that the rule was retired.
#alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"ET DELETED Content-Type image/jpeg with DOS MZ header set likely 2nd stage download"; flow:established,from_server; content:"Content-Type|3a 20|image/jpeg|0d 0a|"; content:"MZ"; distance:0; content:"This program cannot be run in DOS mode"; fast_pattern; distance:0; classtype:trojan-activity; sid:2012633; rev:2;)

Added 2012-03-07 18:45:03 UTC


# sid 2012633, rev 2 -- active. The rule text is identical to the entry dated 2011-04-05
# on this page; only the "Added" timestamp differs.
# Alerts on a response declared as image/jpeg whose stream also carries the "MZ" magic and
# the DOS stub text of a Windows executable, i.e. an executable served under an image MIME type.
# Scope: TCP from $EXTERNAL_NET on $HTTP_PORTS to $HOME_NET, server-to-client side of an
# established flow.
# NOTE(review): the header content has no `nocase` and includes the exact ": " and CRLF
# bytes, so only that literal header form is matched -- keep in mind when tuning coverage.
alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"ET TROJAN Content-Type image/jpeg with DOS MZ header set likely 2nd stage download"; flow:established,from_server; content:"Content-Type|3a 20|image/jpeg|0d 0a|"; content:"MZ"; distance:0; content:"This program cannot be run in DOS mode"; fast_pattern; distance:0; classtype:trojan-activity; sid:2012633; rev:2;)

Added 2011-10-12 19:34:49 UTC


# sid 2012633, rev 2 -- earliest entry on this page (added 2011-04-05), active.
# Purpose: flag a server response that declares Content-Type image/jpeg while the same
# stream carries the markers of a Windows PE file ("MZ" and the DOS stub string).
# - flow:established,from_server restricts matching to server-to-client data on an
#   established session from $EXTERNAL_NET:$HTTP_PORTS to $HOME_NET.
# - content #1 is the literal header "Content-Type: image/jpeg" followed by CRLF
#   (|3a 20| = ": ", |0d 0a| = CRLF).
# - content #2 "MZ" and content #3 (the DOS stub text) each use distance:0, so each must
#   start after the previous match ends. There is no within/depth bound, so the PE markers
#   may appear anywhere later in the inspected data, not only at the start of the body.
# - fast_pattern puts the long DOS stub string, rather than the 2-byte "MZ", into the
#   prefilter.
# NOTE(review): no `nocase` on the header match, and matching is on raw payload bytes;
# a body that is compressed or otherwise transformed on the wire would presumably not
# expose these strings -- confirm against the sensor's decoding configuration.
alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"ET TROJAN Content-Type image/jpeg with DOS MZ header set likely 2nd stage download"; flow:established,from_server; content:"Content-Type|3a 20|image/jpeg|0d 0a|"; content:"MZ"; distance:0; content:"This program cannot be run in DOS mode"; fast_pattern; distance:0; classtype:trojan-activity; sid:2012633; rev:2;)

Added 2011-04-05 14:30:36 UTC


Topic revision: r1 - 2017-08-08 - TWikiGuest
 