alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"ET TROJAN Shylock Module Server Response"; flow:established,from_server; content:"|0d 0a 0d 0a 23 23 23|ERROR_SRC|23 23 23|"; content:"|23 23 23|ERROR_SRC_END|23 23 23|"; distance:0; reference:url,anubis.iseclab.org/index.php?action=result&task_id=86c6da9437e65c94990ddd85d87299f1; reference:url,www.threatexpert.com/report.aspx?md5=4fda5e7e8e682870e993f97ad26ba6b2; classtype:trojan-activity; sid:2013688; rev:1;)

Added 2011-10-12 19:37:18 UTC


alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"ET TROJAN Shylock Module Server Response"; flow:established,from_server; content:"|0d 0a 0d 0a 23 23 23|ERROR_SRC|23 23 23|"; content:"|23 23 23|ERROR_SRC_END|23 23 23|"; distance:0; classtype:trojan-activity; reference:url,anubis.iseclab.org/index.php?action=result&task_id=86c6da9437e65c94990ddd85d87299f1; reference:url,www.threatexpert.com/report.aspx?md5=4fda5e7e8e682870e993f97ad26ba6b2; sid:2013688; rev:1;)

Added 2011-09-21 19:26:28 UTC


Topic revision: r1 - 2011-10-12 - TWikiGuest
 
This site is powered by the TWiki collaboration platform Powered by Perl This site is powered by the TWiki collaboration platformCopyright © Emerging Threats