alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN W32.Qakbot Request for Compromised FTP Sites"; flow:established,to_server; content:"/cgi-bin/jl/ad03.pl?pv=2&d="; http_uri; reference:url,www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/w32_qakbot_in_detail.pdf; reference:url,www.symantec.com/security_response/writeup.jsp?docid=2009-050707-0639-99; classtype:trojan-activity; sid:2012972; rev:2; metadata:created_at 2011_06_08, updated_at 2011_06_08;)

Added 2017-08-07 21:06:11 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN W32.Qakbot Request for Compromised FTP Sites"; flow:established,to_server; content:"/cgi-bin/jl/ad03.pl?pv=2&d="; http_uri; reference:url,www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/w32_qakbot_in_detail.pdf; reference:url,www.symantec.com/security_response/writeup.jsp?docid=2009-050707-0639-99; classtype:trojan-activity; sid:2012972; rev:1;)

Added 2011-10-12 19:35:39 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN W32.Qakbot Request for Compromised FTP Sites"; flow:established,to_server; content:"/cgi-bin/jl/ad03.pl?pv=2&d="; http_uri; classtype:trojan-activity; reference:url,www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/w32_qakbot_in_detail.pdf; reference:url,www.symantec.com/security_response/writeup.jsp?docid=2009-050707-0639-99; sid:2012972; rev:1;)

Added 2011-06-08 23:52:20 UTC


Topic revision: r1 - 2017-08-08 - TWikiGuest
 
This site is powered by the TWiki collaboration platform Powered by Perl This site is powered by the TWiki collaboration platformCopyright © Emerging Threats