# sid 2014059, rev 7 (newest revision listed on this page).
# Alerts on an outbound HTTP GET (client in $HOME_NET, server in $EXTERNAL_NET on
# $HTTP_PORTS, established flow, client-to-server) whose URI contains both
# "/LavaGame_" and ".exe", each matched case-insensitively.
# The two URI contents carry no relative-position keyword (e.g. distance/within),
# so they match independently, in any order, anywhere in the URI buffer. This makes
# the rule independent of the path and version number, but also broader than a
# single file name.
# Coverage is limited to ports in $HTTP_PORTS; the same request on another port
# is not inspected by this rule.
# The reference:md5 values are metadata for sample lookup only; nothing here
# inspects the response body or hashes the downloaded file.
# NOTE(review): msg is tagged "ET POLICY" while classtype is trojan-activity, and
# default priority derives from the classtype. Confirm which severity is intended.
# NOTE(review): every entry on this page uses the same sid; load only one revision.
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET POLICY Spyware.Agent.elbb lava.cn Game Exe Download"; flow:established,to_server; content:"GET"; nocase; http_method; content:"/LavaGame_"; http_uri; nocase; content:".exe"; nocase; http_uri; reference:url,securelist.com/en/descriptions/17601150/Trojan-Dropper.Win32.Agent.elbb?print_mode=1; reference:md5,c2b4f8abc742bf048f3856525c1b2800; reference:md5,4937dc6e111996dbe331327e7e9a4a12; reference:url,www.amada.abuse.ch/?search=download.lava.cn; classtype:trojan-activity; sid:2014059; rev:7;)

Added 2012-07-13 21:15:02 UTC


# sid 2014059, rev 4 (an older revision of the same sid).
# Alerts on an outbound HTTP GET (established flow, $HOME_NET client to an
# $EXTERNAL_NET server on $HTTP_PORTS) whose URI contains the literal path
# "/GAME/36/LavaGame_2.2.exe", matched case-insensitively.
# Because the whole path and version are one content string, a request for a
# different directory or a different version number in the file name does not alert.
# NOTE(review): msg says "Related Reporting", but the only thing matched is a GET
# for an .exe path; read the alert as a download request, not as proof of check-in.
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET MALWARE Spyware.Agent.elbb lava.cn Related Reporting"; flow:established,to_server; content:"GET"; nocase; http_method; content:"/GAME/36/LavaGame_2.2.exe"; nocase; http_uri; reference:url,securelist.com/en/descriptions/17601150/Trojan-Dropper.Win32.Agent.elbb?print_mode=1; classtype:trojan-activity; sid:2014059; rev:4;)

Added 2012-04-30 18:34:24 UTC


# sid 2014059, rev 3 (an older revision of the same sid).
# Alerts on an outbound HTTP GET (established flow, $HOME_NET client to an
# $EXTERNAL_NET server on $HTTP_PORTS) whose URI contains the literal path
# "/GAME/36/LavaGame_2.2.exe", matched case-insensitively.
# The method match carries nocase, so "get" in any letter case satisfies it.
# Detection is tied to this exact path and version string; other LavaGame file
# names are not covered by this revision.
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN Trojan-Dropper.Win32.Agent.elbb Reporting"; flow:established,to_server; content:"GET"; nocase; http_method; content:"/GAME/36/LavaGame_2.2.exe"; nocase; http_uri; reference:url,securelist.com/en/descriptions/17601150/Trojan-Dropper.Win32.Agent.elbb?print_mode=1; classtype:trojan-activity; sid:2014059; rev:3;)

Added 2012-03-27 00:27:08 UTC


# sid 2014059, rev 2 (the oldest revision listed on this page).
# Alerts on an outbound HTTP GET (established flow, $HOME_NET client to an
# $EXTERNAL_NET server on $HTTP_PORTS) whose URI contains the literal path
# "/GAME/36/LavaGame_2.2.exe", matched case-insensitively.
# Unlike the later revisions, the "GET" method content has no nocase modifier,
# so the method must appear in upper case to match.
# Detection is tied to this exact path and version string.
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN Trojan-Dropper.Win32.Agent.elbb Reporting"; flow:established,to_server; content:"GET"; http_method; content:"/GAME/36/LavaGame_2.2.exe"; nocase; http_uri; reference:url,securelist.com/en/descriptions/17601150/Trojan-Dropper.Win32.Agent.elbb?print_mode=1; classtype:trojan-activity; sid:2014059; rev:2;)

Added 2012-01-02 17:48:31 UTC


Topic revision: r1 - 2012-07-14 - TWikiGuest
 