alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"ET TROJAN Dropper.Win32.Npkon Server Responce"; flow:from_server,established; content:"|40 1f|"; offset:1; depth:2; content:"|01|"; distance:1; within:1; content:"|10 00 00 00|"; distance:1; within:4; dsize:26; reference:url,www.threatexpert.com/report.aspx?md5=a7f4a7d08fa650a5f09a00519b944b0b; classtype:trojan-activity; sid:2013794; rev:1;)

Added 2011-11-16 19:57:13 UTC


Topic revision: r1 - 2011-11-17 - TWikiGuest
 
This site is powered by the TWiki collaboration platform Powered by Perl This site is powered by the TWiki collaboration platformCopyright © Emerging Threats