alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN SuspectCRC? FakeAV? Checkin"; flow:established,to_server; content:"value.php?"; http_uri; content:"md="; http_uri; content:"&pc="; http_uri; content:"User-Agent|3a| sample"; http_header; reference:url,www.threatexpert.com/report.aspx?md5=54c9d51661a05151e5143f4e80cbed86; classtype:trojan-activity; sid:2013799; rev:2;)

Added 2011-10-24 14:48:54 UTC


Topic revision: r1 - 2011-10-24 - TWikiGuest
 
This site is powered by the TWiki collaboration platform Powered by Perl This site is powered by the TWiki collaboration platformCopyright © Emerging Threats