alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Win32/Cutwail.BE Checkin 1"; flow:established,from_client; dsize:234; content:"|16 03 00 00 37 01 00 00 33 03 00|"; depth:11; threshold: type limit, track by_src, seconds 60, count 1; reference:md5,4352407efc8891215b514a54db5b8a1d; reference:md5,45ab3554f3d60d07fc5228faff7784e1; classtype:trojan-activity; sid:2014271; rev:3;)

Added 2014-04-28 19:16:26 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Win32/Cutwail.BE Checkin 1"; flow:established,from_client; dsize:234; content:"|16 03 00 00 37 01 00 00 33 03 00|"; depth:11; threshold: type limit, track by_src, seconds 60, count 1; reference:md5,3d766c4d53188eb8173a5dc3cfc4e317; reference:md5,289f457083e8f59520b31a7ea13d16ec; classtype:trojan-activity; sid:2014271; rev:2;)

Added 2014-03-07 19:27:57 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Win32/Cutwail.BE Checkin 1"; flow:established,from_client; dsize:234; content:"|16 03 00 00 37 01 00 00 33 03 00|"; depth:11; reference:md5,3d766c4d53188eb8173a5dc3cfc4e317; reference:md5,289f457083e8f59520b31a7ea13d16ec; classtype:trojan-activity; sid:2014271; rev:1;)

Added 2012-02-24 17:26:00 UTC


Topic revision: r1 - 2014-04-28 - TWikiGuest
 
This site is powered by the TWiki collaboration platform Powered by Perl This site is powered by the TWiki collaboration platformCopyright © Emerging Threats