alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"ET TROJAN P2P Zeus Response From CnC"; flow:established,from_server; content:"|E5 AA C0 31|"; depth:4; content:"|5B 74|"; distance:5; within:2; content:"|C1|"; distance:4; within:2; reference:url,www.abuse.ch/?p=3499; classtype:trojan-activity; sid:2013912; rev:4; metadata:created_at 2011_11_11, updated_at 2011_11_11;)

Added 2017-08-07 21:07:12 UTC


alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"ET TROJAN ZeroAccess Response From P2P Botnet CnC"; flow:established,from_server; content:"|E5 AA C0 31|"; depth:4; content:"|5B 74|"; distance:5; within:2; content:"|C1|"; distance:4; within:2; classtype:trojan-activity; sid:2013912; rev:2;)

Added 2011-11-11 17:39:45 UTC


Topic revision: r1 - 2017-08-08 - TWikiGuest
 
Copyright © Emerging Threats