# sid 2013912, rev 4 -- stored commented out, so an engine loading this line
# treats it as a comment and never raises the alert.
# What the rule would match: server-to-client data on an established TCP
# session (flow:established,from_server) where E5 AA C0 31 sits within the
# first four bytes of the inspected data (depth:4), 5B 74 follows 5 bytes after
# the end of that match, and C1 appears in a short relative window after that.
# NOTE(review): ports are "any" on both sides and only seven literal bytes are
# checked, so unrelated binary protocols could match. This may be why the rule
# is disabled -- the page does not say. Scope or tune before re-enabling.
# NOTE(review): the "?" after P2P and CnC in msg looks like wiki link residue
# rather than rule text -- confirm against the distributed rule file.
#alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"ET TROJAN P2P? Zeus Response From CnC?"; flow:established,from_server; content:"|E5 AA C0 31|"; depth:4; content:"|5B 74|"; distance:5; within:2; content:"|C1|"; distance:4; within:2; reference:url,www.abuse.ch/?p=3499; classtype:trojan-activity; sid:2013912; rev:4; metadata:created_at 2011_11_11, updated_at 2011_11_11;)

Added 2018-09-13 19:43:52 UTC


Added 2018-09-13 17:56:00 UTC


# sid 2013912, rev 4, commented out. The rule text is the same as the enabled
# entry dated 2017-08-07 on this page; only the leading "#" differs.
# Detection caveat: sensors running this revision load no signature for this
# sid, so a lack of sid 2013912 alerts is not evidence that the traffic is absent.
# NOTE(review): rev and updated_at are unchanged between the enabled and the
# disabled text, so the rule body itself does not show which state a sensor is
# running -- check the deployed rule file.
#alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"ET TROJAN P2P? Zeus Response From CnC?"; flow:established,from_server; content:"|E5 AA C0 31|"; depth:4; content:"|5B 74|"; distance:5; within:2; content:"|C1|"; distance:4; within:2; reference:url,www.abuse.ch/?p=3499; classtype:trojan-activity; sid:2013912; rev:4; metadata:created_at 2011_11_11, updated_at 2011_11_11;)

Added 2018-05-14 17:25:12 UTC


# sid 2013912, rev 4, enabled form.
# Direction: source is $EXTERNAL_NET, destination is $HOME_NET, and the flow
# keyword limits matching to the server side of an established session. The
# external address is therefore the server and the $HOME_NET address is the
# client to investigate (presumably the host that opened the connection).
# Payload checks, each relative to the one before it:
#   1. E5 AA C0 31 within the first four bytes of the inspected data (depth:4)
#   2. 5B 74 starting 5 bytes after the end of match 1 (distance:5; within:2)
#   3. C1 in a short window after match 2 (distance:4; within:2)
# NOTE(review): no port, size or protocol anchoring beyond these seven bytes;
# corroborate an alert with other host or network evidence before treating it
# as a confirmed infection.
# NOTE(review): the "?" after P2P and CnC in msg looks like wiki link residue
# rather than rule text -- confirm against the distributed rule file.
alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"ET TROJAN P2P? Zeus Response From CnC?"; flow:established,from_server; content:"|E5 AA C0 31|"; depth:4; content:"|5B 74|"; distance:5; within:2; content:"|C1|"; distance:4; within:2; reference:url,www.abuse.ch/?p=3499; classtype:trojan-activity; sid:2013912; rev:4; metadata:created_at 2011_11_11, updated_at 2011_11_11;)

Added 2017-08-07 21:07:12 UTC


# sid 2013912, rev 2 -- the earliest text shown on this page.
# The flow and content checks are the same as in the rev 4 entries on this
# page. What differs is the msg, which attributes the traffic to ZeroAccess
# rather than Zeus, and the absence of the reference and metadata keywords.
# Triage note: the family name in an alert depends on which revision the sensor
# had loaded, so correlate historical alerts on sid and rev, not on msg text.
# NOTE(review): the "?" after ZeroAccess, P2P and CnC in msg looks like wiki
# link residue rather than rule text -- confirm against the distributed rule file.
alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"ET TROJAN ZeroAccess? Response From P2P? Botnet CnC?"; flow:established,from_server; content:"|E5 AA C0 31|"; depth:4; content:"|5B 74|"; distance:5; within:2; content:"|C1|"; distance:4; within:2; classtype:trojan-activity; sid:2013912; rev:2;)

Added 2011-11-11 17:39:45 UTC

