2013256 (revision 2)

alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN Majestic12 User-Agent Request Outbound"; flow:established,to_server; content:"MJ12bot/"; http_header; classtype:trojan-activity; sid:2013256; rev:2;)

Added 2011-07-19 09:37:54 UTC

How does one tell if this is a host in the Majestic12 network or a trojan? I'm getting a ton of hits from this.

-- ChrisLibby - 29 Jul 2011


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN Majestic12 User-Agent Request Outbound"; flow:established,to_server; content:"MJ12bot/"; http_header; classtype:trojan-activity; sid:2013256; rev:2;)

Added 2011-07-19 00:15:48 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN Majestic12 UA Request Outbound"; flow:established,to_server; content:"MJ12bot/"; http_header; classtype:trojan-activity; sid:2013256; rev:1;)

Added 2011-07-12 14:29:59 UTC


Topic revision: r2 - 2011-07-29 - ChrisLibby
 
Copyright © Emerging Threats