# Dirt Jumper/Russkill3 check-in, sid 2013439 rev 10. Uses the Suricata "alert http"
# form, so the destination port is "any" and the HTTP parser scopes the rule.
# Fires on an established client-to-server flow when all of these hold:
#   - the HTTP method is POST (nocase)
#   - the payload contains "HTTP/1.0"
#   - the request body starts with "k=" (depth:2; also the fast_pattern)
#   - the request body matches "k=" followed by 15 digits (pcre with /P)
# NOTE(review): the pcre is unanchored and \d{15} has no upper bound, so a "k=" later
# in the body with 15 or more digits also satisfies it. /^k=\d{15}/P would pin it to
# the same position as the depth:2 content - confirm against samples before tightening.
# NOTE(review): "HTTP/1.0" carries no buffer modifier or offset, so it is not tied to
# the request line specifically.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Dirt Jumper/Russkill3 Checkin"; flow:established,to_server; content:"POST"; nocase; http_method; content:"HTTP/1.0"; content:"k="; fast_pattern; depth:2; http_client_body; pcre:"/k=\d{15}/P"; reference:md5,10e7af7057833a19097cb22ba0bd1b99; reference:url,asert.arbornetworks.com/2011/08/dirt-jumper-caught/; reference:url,www.deependresearch.org/2011/10/dirt-jumper-ddos-bot-new-versions-new.html; classtype:trojan-activity; sid:2013439; rev:10;)

Added 2014-10-03 16:40:41 UTC


# sid 2013439 rev 8: "alert tcp" form limited to destination ports in $HTTP_PORTS, so
# check-ins sent to a port outside that variable are not inspected by this revision.
# Matches a POST (nocase) with "HTTP/1.0" in the payload, a request body that starts
# with "k=" (depth:2, fast_pattern), and a body matching "k=" plus 15 digits. The /P
# flag runs the pcre against the HTTP request body buffer.
# NOTE(review): the pcre is unanchored, so it is not tied to the start of the body the
# way the depth:2 content match is.
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN Dirt Jumper/Russkill3 Checkin"; flow:established,to_server; content:"POST"; nocase; http_method; content:"HTTP/1.0"; content:"k="; fast_pattern; depth:2; http_client_body; pcre:"/k=\d{15}/P"; reference:url,www.threatexpert.com/report.aspx?md5=905ffd2089d6bd50f8f1fed04b27013e; reference:url,asert.arbornetworks.com/2011/08/dirt-jumper-caught/; reference:url,www.deependresearch.org/2011/10/dirt-jumper-ddos-bot-new-versions-new.html; classtype:trojan-activity; sid:2013439; rev:8;)

Added 2012-04-17 21:48:37 UTC


# sid 2013439 rev 7: POST (nocase) to $HTTP_PORTS with "HTTP/1.0" in the payload and a
# request body that starts with "k=" (depth:2, fast_pattern).
# NOTE(review): the pcre here has no /P flag, so "k=" plus 15 digits is searched for in
# the raw payload rather than in the HTTP body buffer. The same digits pattern in a URI
# or header would therefore satisfy that one condition.
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN Dirt Jumper/Russkill3 Checkin"; flow:established,to_server; content:"POST"; nocase; http_method; content:"HTTP/1.0"; content:"k="; fast_pattern; depth:2; http_client_body; pcre:"/k=\d{15}/"; reference:url,www.threatexpert.com/report.aspx?md5=905ffd2089d6bd50f8f1fed04b27013e; reference:url,asert.arbornetworks.com/2011/08/dirt-jumper-caught/; reference:url,www.deependresearch.org/2011/10/dirt-jumper-ddos-bot-new-versions-new.html; classtype:trojan-activity; sid:2013439; rev:7;)

Added 2012-03-20 17:59:14 UTC


# sid 2013439 rev 6: the method match on "POST" is case-sensitive in this revision (no
# nocase). "k=" at the start of the request body is the fast_pattern, i.e. the string
# handed to the multi-pattern prefilter.
# Also requires "HTTP/1.0" in the payload and "k=" plus 15 digits. The pcre has no /P,
# so it is evaluated against the raw payload rather than the HTTP body buffer.
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN Dirt Jumper/Russkill3 Checkin"; flow:established,to_server; content:"POST"; http_method; content:"HTTP/1.0"; content:"k="; fast_pattern; depth:2; http_client_body; pcre:"/k=\d{15}/"; reference:url,www.threatexpert.com/report.aspx?md5=905ffd2089d6bd50f8f1fed04b27013e; reference:url,asert.arbornetworks.com/2011/08/dirt-jumper-caught/; reference:url,www.deependresearch.org/2011/10/dirt-jumper-ddos-bot-new-versions-new.html; classtype:trojan-activity; sid:2013439; rev:6;)

Added 2012-03-13 14:42:41 UTC


# sid 2013439 rev 4: first revision on this page without the fixed URI path. It keys on
# POST, "HTTP/1.0", a request body starting with "k=" (depth:2), and "k=" plus 15 digits
# (pcre on the raw payload, no /P). No fast_pattern is set.
# NOTE(review): "HTTP/1.0" is qualified with http_header here, but the protocol version
# is sent on the request line. Whether the header buffer includes the request line
# depends on the engine - verify this revision fires on a sample before reusing it.
# The later revisions on this page drop the modifier.
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN Dirt Jumper/Russkill3 Checkin"; flow:established,to_server; content:"POST"; http_method; content:"HTTP/1.0"; http_header; content:"k="; depth:2; http_client_body; pcre:"/k=\d{15}/"; reference:url,www.threatexpert.com/report.aspx?md5=905ffd2089d6bd50f8f1fed04b27013e; reference:url,asert.arbornetworks.com/2011/08/dirt-jumper-caught/; reference:url,www.deependresearch.org/2011/10/dirt-jumper-ddos-bot-new-versions-new.html; classtype:trojan-activity; sid:2013439; rev:4;)

Added 2011-10-25 21:45:40 UTC


# sid 2013439 rev 3 (reference options placed before classtype): POST to $HTTP_PORTS
# whose URI contains "/update/m_d.php" and whose request body starts with "k=" (depth:2).
# Detection depends on that literal URI path: a check-in to any other path does not
# match, and nothing after "k=" in the body is validated.
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN Dirt Jumper/Russkill3 Checkin"; flow:established,to_server; content:"POST"; http_method; content:"/update/m_d.php"; http_uri; content:"k="; depth:2; http_client_body; reference:url,www.threatexpert.com/report.aspx?md5=905ffd2089d6bd50f8f1fed04b27013e; reference:url,asert.arbornetworks.com/2011/08/dirt-jumper-caught/; classtype:trojan-activity; sid:2013439; rev:3;)

Added 2011-10-12 19:36:51 UTC


# sid 2013439 rev 3: three conditions on an established client-to-server flow to
# $HTTP_PORTS - method POST, URI containing "/update/m_d.php", and a request body that
# starts with "k=" (depth:2). There is no pcre, so the value after "k=" is not checked.
# The URI literal is the only sample-specific string in this revision.
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN Dirt Jumper/Russkill3 Checkin"; flow:established,to_server; content:"POST"; http_method; content:"/update/m_d.php"; http_uri; content:"k="; depth:2; http_client_body; classtype:trojan-activity; reference:url,www.threatexpert.com/report.aspx?md5=905ffd2089d6bd50f8f1fed04b27013e; reference:url,asert.arbornetworks.com/2011/08/dirt-jumper-caught/; sid:2013439; rev:3;)

Added 2011-08-20 07:22:19 UTC


# sid 2013439 rev 3, earliest entry on this page: alerts on HOME_NET -> EXTERNAL_NET
# traffic to $HTTP_PORTS where the method is POST, the URI contains "/update/m_d.php",
# and the request body begins with "k=" (depth:2).
# Coverage is limited to that one URI path. Both reference URLs point to the sample
# report and the vendor write-up the signature was derived from.
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN Dirt Jumper/Russkill3 Checkin"; flow:established,to_server; content:"POST"; http_method; content:"/update/m_d.php"; http_uri; content:"k="; depth:2; http_client_body; classtype:trojan-activity; reference:url,www.threatexpert.com/report.aspx?md5=905ffd2089d6bd50f8f1fed04b27013e; reference:url,asert.arbornetworks.com/2011/08/dirt-jumper-caught/; sid:2013439; rev:3;)

Added 2011-08-19 16:53:15 UTC

