alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Backdoor.Win32.Sykipot Checkin"; flow:established,from_client; content:"allow_get.asp?name="; fast_pattern; http_uri; content:"&hostname="; http_uri; distance:0; content:!"Referer|3a|"; http_header; reference:cve,CVE-2011-2462; reference:url,blog.9bplus.com/analyzing-cve-2011-2462; reference:url,contagiodump.blogspot.com/2011/12/adobe-zero-day-cve-2011-2462.html; classtype:trojan-activity; sid:2014006; rev:3; metadata:created_at 2011_12_08, updated_at 2011_12_08;)

Added 2017-08-07 21:07:19 UTC


alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Backdoor.Win32.Sykipot Checkin"; flow:established,from_client; content:"allow_get.asp?name="; fast_pattern; http_uri; content:"&hostname="; http_uri; distance:0; content:!"Referer|3a|"; http_header; reference:cve,CVE-2011-2462; reference:url,blog.9bplus.com/analyzing-cve-2011-2462; reference:url,contagiodump.blogspot.com/2011/12/adobe-zero-day-cve-2011-2462.html; classtype:trojan-activity; sid:2014006; rev:3;)

Added 2015-11-30 19:15:24 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN Backdoor.Win32.Sykipot Checkin"; flow:established,from_client; content:"/kys_allow_get.asp?name="; http_uri; content:"&hostname="; http_uri; reference:cve,CVE-2011-2462; reference:url,blog.9bplus.com/analyzing-cve-2011-2462; reference:url,contagiodump.blogspot.com/2011/12/adobe-zero-day-cve-2011-2462.html; classtype:trojan-activity; sid:2014006; rev:1;)

Added 2011-12-08 18:37:09 UTC


Topic revision: r1 - 2017-08-08 - TWikiGuest
 
This site is powered by the TWiki collaboration platform Powered by Perl This site is powered by the TWiki collaboration platformCopyright © Emerging Threats