# Flags outbound HTTP requests (from $HOME_NET to $EXTERNAL_NET on $HTTP_PORTS) whose
# User-Agent header value is exactly "Agent" followed by five or six digits.
#   flow:established,to_server - only client-to-server data on an established session.
#   content ... http_header    - fixed-string match on the HTTP header buffer; it runs
#                                before the regex below.
#   pcre /Hmi                  - H: evaluate against the HTTP header buffer; m: ^ and $
#                                anchor at each header line; i: case-insensitive. The
#                                trailing \r$ pins the end of the line, so a longer digit
#                                run (e.g. seven digits) does not match.
# NOTE(review): the content match has no nocase, so the pcre's i flag only applies to
# traffic that already passed the case-sensitive content match - confirm whether
# nocase was intended.
# Triage: the msg labels this "Suspicious", i.e. a User-Agent pattern heuristic rather than
# a family-specific signature; corroborate an alert with the destination host and other
# activity from the same source. Requests on ports outside $HTTP_PORTS are not covered.
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN Suspicious User-Agent (Agent and 5 or 6 digits)"; flow:established,to_server; content:"User-Agent|3a| Agent"; http_header; pcre:"/^User-Agent\x3a Agent\d{5,6}\r$/Hmi"; classtype:trojan-activity; sid:2013315; rev:9;)

Added 2012-05-22 18:40:09 UTC


# Flags outbound HTTP requests (from $HOME_NET to $EXTERNAL_NET on $HTTP_PORTS) whose
# User-Agent header value is exactly "FDMuiless"; the msg attributes this User-Agent to
# Win32/SWInformer.B.
#   flow:to_server,established - only client-to-server data on an established session.
#   content ... http_header    - case-sensitive fixed-string match on the HTTP header
#                                buffer; the trailing |0d 0a| (CRLF) requires the value to
#                                end at "FDMuiless", so longer values that merely start
#                                with it do not match.
#   reference                  - ThreatExpert report for the sample identified by the MD5
#                                in the URL.
# NOTE(review): there is no nocase, so a differently-cased variant of the string would not
# alert - confirm this is intended. Requests on ports outside $HTTP_PORTS are not covered.
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN Win32/SWInformer.B User-Agent (FDMuiless)"; flow:to_server,established; content:"User-Agent|3a| FDMuiless|0d 0a|"; http_header; reference:url,www.threatexpert.com/report.aspx?md5=0f90568d86557d62f7d4e1c0f7167431; classtype:trojan-activity; sid:2014013; rev:1;)

Added 2011-12-08 18:37:10 UTC

