# sid 2013382 rev 2 - flags an outbound HTTP request whose raw bytes match the
# check-in pattern this rule attributes to Fakealert.Rena.
#
# Scope: established TCP, client-to-server, $HOME_NET -> $EXTERNAL_NET, destination
# port in $HTTP_PORTS only. The same request on any other port is not inspected.
#
# Match logic, in option order (order matters because of the distance:0 chain):
#   1. "/images/img.php?id=" anywhere in the payload. It has no offset/depth and no
#      HTTP buffer modifier, so it is not tied to the request line.
#   2. "HTTP/1.1\r\nUser-Agent" is the fast-pattern prefilter only (fast_pattern:only);
#      the same bytes are re-checked as part of step 3.
#   3. " HTTP/1.1\r\nUser-Agent: Mozilla/4.0 (compatible; MSIE " - User-Agent has to be
#      the first header after the request line.
#   4. "; Windows NT " somewhere after step 3.
#   5. ")\r\nHost: " somewhere after step 4.
#   6. "Cache-Control: no-cache\r\n\r\n" somewhere after step 5; the double CRLF means
#      this header closes the header block.
#   7. Negated: "\r\nAccept" must not occur, which rules out every header whose name
#      starts with Accept (Accept, Accept-Language, Accept-Encoding, ...).
# No content uses nocase, so every match is case-sensitive.
#
# NOTE(review): the User-Agent is a generic MSIE string; the discriminating features
# are the URI path, the header order and the absence of Accept* headers. A forward
# proxy that adds or reorders request headers would presumably defeat the match -
# confirm where the sensor sits relative to any proxy.
# NOTE(review): the "?" in msg suggests the C2 attribution was tentative. Triage an
# alert using the Host value and id= parameter from the alerting packet before
# treating the host as confirmed infected.
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN Fakealert.Rena CnC? Checkin 2"; flow:established,to_server; content:"/images/img.php?id="; content:"HTTP/1.1|0d 0a|User-Agent"; fast_pattern:only; content:"|20|HTTP/1.1|0d 0a|User-Agent|3a 20|Mozilla/4.0|20|(compatible|3b 20|MSIE|20|"; content:"|3b 20|Windows|20|NT|20|"; distance:0; content:")|0d 0a|Host|3a 20|"; distance:0; content:"Cache-Control|3a 20|no-cache|0d 0a 0d 0a|"; distance:0; content:!"|0d 0a|Accept"; reference:url,www.malware-control.com/statics-pages/24b9c5f59a4706689d4f9bb5f510ec35.php; classtype:trojan-activity; sid:2013382; rev:2;)

Added 2011-10-12 19:36:43 UTC


# Historical text of sid 2013382 rev 2. Detection is an outbound HTTP request
# ($HOME_NET -> $EXTERNAL_NET, $HTTP_PORTS, established, to_server) containing
# "/images/img.php?id=", with User-Agent (Mozilla/4.0 ... MSIE ... Windows NT) as the
# first header, then Host, ending on "Cache-Control: no-cache", and with no header
# whose name starts with "Accept".
# In this listing classtype precedes reference. Both are metadata options, so their
# position does not affect what the rule matches.
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN Fakealert.Rena CnC? Checkin 2"; flow:established,to_server; content:"/images/img.php?id="; content:"HTTP/1.1|0d 0a|User-Agent"; fast_pattern:only; content:"|20|HTTP/1.1|0d 0a|User-Agent|3a 20|Mozilla/4.0|20|(compatible|3b 20|MSIE|20|"; content:"|3b 20|Windows|20|NT|20|"; distance:0; content:")|0d 0a|Host|3a 20|"; distance:0; content:"Cache-Control|3a 20|no-cache|0d 0a 0d 0a|"; distance:0; content:!"|0d 0a|Accept"; classtype:trojan-activity; reference:url,www.malware-control.com/statics-pages/24b9c5f59a4706689d4f9bb5f510ec35.php; sid:2013382; rev:2;)

Added 2011-08-09 06:32:10 UTC


# Historical text of sid 2013382 rev 2. It alerts on an established client-to-server
# flow from $HOME_NET to $EXTERNAL_NET on $HTTP_PORTS when the payload holds
# "/images/img.php?id=" and a header block of exactly this shape: User-Agent first
# (Mozilla/4.0 compatible MSIE on Windows NT), Host after it, and
# "Cache-Control: no-cache" as the final header.
# The negated content rejects any request carrying "\r\nAccept", so a request that
# sends Accept, Accept-Language or Accept-Encoding does not match.
# The contents carry no HTTP buffer modifiers and no nocase, so matching is on raw
# payload bytes and is case-sensitive.
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN Fakealert.Rena CnC? Checkin 2"; flow:established,to_server; content:"/images/img.php?id="; content:"HTTP/1.1|0d 0a|User-Agent"; fast_pattern:only; content:"|20|HTTP/1.1|0d 0a|User-Agent|3a 20|Mozilla/4.0|20|(compatible|3b 20|MSIE|20|"; content:"|3b 20|Windows|20|NT|20|"; distance:0; content:")|0d 0a|Host|3a 20|"; distance:0; content:"Cache-Control|3a 20|no-cache|0d 0a 0d 0a|"; distance:0; content:!"|0d 0a|Accept"; classtype:trojan-activity; reference:url,www.malware-control.com/statics-pages/24b9c5f59a4706689d4f9bb5f510ec35.php; sid:2013382; rev:2;)

Added 2011-08-08 21:58:52 UTC

