# sid 2013907, rev 4. Flags an outbound HTTP request (internal client to external
# server, established flow) that the msg attributes to a ZAccess/Sirefef check-in.
# Match conditions, all required:
#   - URI contains "/stat", ".php?w=", "&i=00000000000" and "&a="
#   - User-Agent contains "Opera/6 (Windows NT 5.1; "   (|3b 20| is "; ")
# None of the contents carries distance/within/offset, so each only has to appear
# somewhere in its buffer; their relative order is not enforced.
# "&i=00000000000" is the fast_pattern, i.e. the string used for prefiltering.
# "alert http" with any/any ports keys on the detected application protocol rather
# than on a port list. The rule only sees cleartext HTTP; the same request inside
# TLS is not inspected unless traffic is decrypted upstream.
# Two separate metadata keywords are present (former_category, and the
# created_at/updated_at pair).
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN ZAccess/Sirefef/MAX++/Jorik/Smadow Checkin"; flow:established,to_server; content:"/stat"; http_uri; content:".php?w="; http_uri; content:"&i=00000000000"; http_uri; fast_pattern; content:"&a="; http_uri; content:"Opera/6 (Windows NT 5.1|3b 20|"; http_user_agent; metadata: former_category TROJAN; classtype:trojan-activity; sid:2013907; rev:4; metadata:created_at 2011_11_10, updated_at 2017_11_27;)

Added 2017-11-27 16:30:27 UTC


# sid 2013907, rev 3, "alert http" form. URI conditions: "/stat", ".php?w=",
# "&i=00000000000" (fast_pattern) and "&a=", each anywhere in the URI.
# The User-Agent is matched as header text in the http_header buffer
# ("User-Agent: Opera/6 (Windows NT 5.1; ") rather than in a dedicated
# User-Agent buffer, so the match depends on the header name and the ": "
# separator appearing exactly as written.
# NOTE(review): this text carries rev:3, the same rev as the
# "alert tcp ... $HTTP_PORTS" form listed on this page. sid+rev alone does not
# tell the two apart, so compare the full rule text when auditing a deployed ruleset.
# updated_at equals created_at (2011_11_10) although the page lists this text
# as added on 2017-08-07, so the metadata dates do not track this change.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN ZAccess/Sirefef/MAX++/Jorik/Smadow Checkin"; flow:established,to_server; content:"/stat"; http_uri; content:".php?w="; http_uri; content:"&i=00000000000"; http_uri; fast_pattern; content:"&a="; http_uri; content:"User-Agent|3a 20|Opera/6 (Windows NT 5.1|3b 20|"; http_header; classtype:trojan-activity; sid:2013907; rev:3; metadata:created_at 2011_11_10, updated_at 2011_11_10;)

Added 2017-08-07 21:07:12 UTC


# sid 2013907, rev 3, "alert tcp" form. Same content conditions as the
# "alert http" rev 3 text: URI contains "/stat", ".php?w=", "&i=00000000000"
# (fast_pattern) and "&a=", and the headers contain
# "User-Agent: Opera/6 (Windows NT 5.1; ".
# The destination port is restricted to $HTTP_PORTS, so a request to a port
# that is not in that variable is never evaluated by this rule. Coverage
# therefore depends on how $HTTP_PORTS is defined in the sensor configuration.
# The http_uri/http_header modifiers still need the stream to be parsed as HTTP.
# This form has no metadata keyword.
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN ZAccess/Sirefef/MAX++/Jorik/Smadow Checkin"; flow:established,to_server; content:"/stat"; http_uri; content:".php?w="; http_uri; content:"&i=00000000000"; http_uri; fast_pattern; content:"&a="; http_uri; content:"User-Agent|3a 20|Opera/6 (Windows NT 5.1|3b 20|"; http_header; classtype:trojan-activity; sid:2013907; rev:3;)

Added 2012-03-07 18:45:05 UTC


# sid 2013907, rev 1 (original text). Matches an outbound request to a port in
# $HTTP_PORTS where:
#   - the URI contains "/stat2.php", "w=" and "i="
#   - "a=" appears in the payload; this content has no http_uri modifier, so it
#     is not tied to the URI buffer like the others
#   - the headers contain the complete string
#     "User-Agent: Opera/6 (Windows NT 5.1; U; LangID=409; x86)"
# The two-character contents add little specificity on their own. The rule's
# selectivity comes from "/stat2.php" and the exact User-Agent, so any change
# to the script name or to the User-Agent tail stops it from matching.
# No fast_pattern is set, so the engine selects the prefilter pattern itself.
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN ZAccess/Sirefef/MAX++/Jorik/Smadow Checkin"; flow:established,to_server; content:"/stat2.php"; http_uri; content:"w="; http_uri; content:"i="; http_uri; content:"a="; content:"User-Agent|3a 20|Opera/6 (Windows NT 5.1|3b 20|U|3b 20|LangID=409|3b 20|x86)"; http_header; classtype:trojan-activity; sid:2013907; rev:1;)

Added 2011-11-10 19:48:48 UTC

