# sid:2012882 rev:4 - outbound checkin signature: TCP from $HOME_NET to $EXTERNAL_NET on any ports,
# restricted by flow:established,to_server to client-to-server data on an established session.
# content 1 (depth:32, fast_pattern) is the 32 bytes "MSG 5 N 130\r\nMIME-Version: 1.0\r\n";
# depth:32 equals the pattern length, so it must sit at the very start of the payload.
# content 2 is sixteen 0xF6 bytes with no offset/depth/distance/within, so it may match
# anywhere in the same payload and is not tied to the position of content 1.
# NOTE(review): the header text resembles an MSN Messenger (MSNP) MSG command - the page does
# not say whether benign messenger traffic was checked for false positives; confirm before tuning.
alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Backdoor.Win32.Poison.AU checkin"; flow:established,to_server; content:"|4D 53 47 20 35 20 4E 20 31 33 30 0D 0A 4D 49 4d 45 2d 56 65 72 73 69 6f 6e 3a 20 31 2e 30 0d 0a|"; depth:32; fast_pattern; content:"|f6 f6 f6 f6 f6 f6 f6 f6 f6 f6 f6 f6 f6 f6 f6 f6|"; reference:url,www.threatexpert.com/report.aspx?md5=4b8adc7612e984d12b77f197c59827a2; classtype:trojan-activity; sid:2012882; rev:4;)

Added 2012-01-30 23:37:10 UTC


# sid:2012882 rev:3 - three chained content matches on client-to-server data of an established
# TCP session ($HOME_NET -> $EXTERNAL_NET, any ports).
# content 1 (depth:14, fast_pattern): "MSG 5 N 130\r\nM", anchored to the first 14 payload bytes.
# content 2 (within:18): the 16 bytes "E-Version: 1.0\r\n"; it must end within 18 bytes of
# content 1, which leaves room for at most 2 intervening bytes (the "IM" of "MIME-Version").
# content 3 (within:18): an 18-byte binary block; within equals its length, so it must start
# immediately after content 2.
# This entry places reference before classtype; the options are otherwise the same as the
# other rev:3 listings on this page.
alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Backdoor.Win32.Poison.AU checkin"; flow:established,to_server; content:"|4D 53 47 20 35 20 4E 20 31 33 30 0D 0A 4D|"; depth:14; fast_pattern; content:"|45 2D 56 65 72 73 69 6F 6E 3A 20 31 2E 30 0D 0A|"; within:18; content:"|96 F4 F6 F6 F7 F6 F6 F6 5C 10 3C 12 6A 34 2C 3C F6 F6|"; within:18; reference:url,www.threatexpert.com/report.aspx?md5=4b8adc7612e984d12b77f197c59827a2; classtype:trojan-activity; sid:2012882; rev:3;)

Added 2011-10-12 19:35:27 UTC


# sid:2012882 rev:3 - client-to-server data on an established TCP session, $HOME_NET -> $EXTERNAL_NET.
# content 1 (depth:14, fast_pattern): "MSG 5 N 130\r\nM" in the first 14 payload bytes.
# content 2 (within:18): "E-Version: 1.0\r\n" (16 bytes), at most 2 bytes after content 1.
# content 3 (within:18): 18-byte binary block that must directly follow content 2.
# The fixed 18-byte block ties the rule to one exact payload; any change in those bytes means no match.
alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Backdoor.Win32.Poison.AU checkin"; flow:established,to_server; content:"|4D 53 47 20 35 20 4E 20 31 33 30 0D 0A 4D|"; depth:14; fast_pattern; content:"|45 2D 56 65 72 73 69 6F 6E 3A 20 31 2E 30 0D 0A|"; within:18; content:"|96 F4 F6 F6 F7 F6 F6 F6 5C 10 3C 12 6A 34 2C 3C F6 F6|"; within:18; classtype:trojan-activity; reference:url,www.threatexpert.com/report.aspx?md5=4b8adc7612e984d12b77f197c59827a2; sid:2012882; rev:3;)

Added 2011-07-28 19:38:39 UTC


# sid:2012882 rev:3 - earliest rev:3 listing on this page; the first to carry
# flow:established,to_server, which rev:2 and rev:1 below do not have.
# With that keyword the three content matches are only evaluated on client-to-server data of an
# established session: "MSG 5 N 130\r\nM" (depth:14), then "E-Version: 1.0\r\n" (within:18),
# then an 18-byte binary block (within:18, so directly adjacent).
alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Backdoor.Win32.Poison.AU checkin"; flow:established,to_server; content:"|4D 53 47 20 35 20 4E 20 31 33 30 0D 0A 4D|"; depth:14; fast_pattern; content:"|45 2D 56 65 72 73 69 6F 6E 3A 20 31 2E 30 0D 0A|"; within:18; content:"|96 F4 F6 F6 F7 F6 F6 F6 5C 10 3C 12 6A 34 2C 3C F6 F6|"; within:18; classtype:trojan-activity; reference:url,www.threatexpert.com/report.aspx?md5=4b8adc7612e984d12b77f197c59827a2; sid:2012882; rev:3;)

Added 2011-07-28 17:08:52 UTC


# sid:2012882 rev:2 - same three content matches as rev:3, but with no flow keyword: the rule is
# not limited to established sessions or to the client-to-server side, so only the
# $HOME_NET -> $EXTERNAL_NET header constrains which packets are inspected.
# content 1 (depth:14, fast_pattern): "MSG 5 N 130\r\nM"; content 2 (within:18):
# "E-Version: 1.0\r\n"; content 3 (within:18): 18-byte binary block directly after content 2.
# Carries a single reference URL (md5=4b8adc76...).
alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Backdoor.Win32.Poison.AU checkin"; content:"|4D 53 47 20 35 20 4E 20 31 33 30 0D 0A 4D|"; depth:14; fast_pattern; content:"|45 2D 56 65 72 73 69 6F 6E 3A 20 31 2E 30 0D 0A|"; within:18; content:"|96 F4 F6 F6 F7 F6 F6 F6 5C 10 3C 12 6A 34 2C 3C F6 F6|"; within:18; classtype:trojan-activity; reference:url,www.threatexpert.com/report.aspx?md5=4b8adc7612e984d12b77f197c59827a2; sid:2012882; rev:2;)

Added 2011-06-01 17:07:35 UTC


# sid:2012882 rev:1 - initial version; no flow keyword, so matching is not restricted to
# established sessions or to the client-to-server direction.
# content 1 (depth:14, fast_pattern): "MSG 5 N 130\r\nM"; content 2 (within:18):
# "E-Version: 1.0\r\n"; content 3 (within:18): 18-byte binary block directly after content 2.
# The second reference URL carries a 31-character md5 value (an MD5 digest is 32 hex characters),
# so that link cannot resolve to a report; detection logic is unaffected by reference options.
alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Backdoor.Win32.Poison.AU checkin"; content:"|4D 53 47 20 35 20 4E 20 31 33 30 0D 0A 4D|"; depth:14; fast_pattern; content:"|45 2D 56 65 72 73 69 6F 6E 3A 20 31 2E 30 0D 0A|"; within:18; content:"|96 F4 F6 F6 F7 F6 F6 F6 5C 10 3C 12 6A 34 2C 3C F6 F6|"; within:18; classtype:trojan-activity; reference:url,www.threatexpert.com/report.aspx?md5=4b8adc7612e984d12b77f197c59827a2; reference:url,www.threatexpert.com/report.aspx?md5=e7fafdabfbc53a38716a9f0638f6e38; sid:2012882; rev:1;)

Added 2011-05-28 10:19:48 UTC

The second reference URL is broken. The MD5sum e7fafdabfbc53a38716a9f0638f6e38 is missing at least one digit.

-- JohnMorris - 01 Jun 2011

You're correct. I'll remove that reference and add another relevant one!

-- MattJonkman - 01 Jun 2011


Topic revision: r3 - 2011-06-01 - MattJonkman
 