alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Ponmocup C2 Sending Data to Controller 2"; flow:established,to_server; content:"/cgi-bin/rokfeller3.cgi?v=11"; nocase; http_uri; reference:url,malwaresurvival.net/2011/04/21/media-site-pimping-malware/; reference:url,community.websense.com/forums/p/10728/23862.aspx; reference:url,www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?ThreatID=146443; classtype:trojan-activity; sid:2012800; rev:4; metadata:created_at 2011_05_10, updated_at 2011_05_10;)

Added 2017-08-07 21:05:59 UTC


alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Ponmocup C2 Sending Data to Controller 2"; flow:established,to_server; content:"/cgi-bin/rokfeller3.cgi?v=11"; nocase; http_uri; reference:url,malwaresurvival.net/2011/04/21/media-site-pimping-malware/; reference:url,community.websense.com/forums/p/10728/23862.aspx; reference:url,www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?ThreatID=146443; classtype:trojan-activity; sid:2012800; rev:4;)

Added 2014-09-12 16:28:32 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET CURRENT_EVENTS Ponmocup C2 Sending Data to Controller 2"; flow:established,to_server; content:"/cgi-bin/rokfeller3.cgi?v=11"; nocase; http_uri; reference:url,malwaresurvival.net/2011/04/21/media-site-pimping-malware/; reference:url,community.websense.com/forums/p/10728/23862.aspx; reference:url,www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?ThreatID=146443; classtype:trojan-activity; sid:2012800; rev:2;)

Added 2011-10-12 19:35:14 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET CURRENT_EVENTS Ponmocup C2 Sending Data to Controller 2"; flow:established,to_server; content:"/cgi-bin/rokfeller3.cgi?v=11"; nocase; http_uri; classtype:trojan-activity; reference:url,malwaresurvival.net/2011/04/21/media-site-pimping-malware/; reference:url,community.websense.com/forums/p/10728/23862.aspx; reference:url,www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?ThreatID=146443; sid:2012800; rev:2;)

Added 2011-07-27 00:56:49 UTC


Topic revision: r1 - 2017-08-08 - TWikiGuest
 
This site is powered by the TWiki collaboration platform Powered by Perl This site is powered by the TWiki collaboration platformCopyright © Emerging Threats