# sid:2014367 rev:2 -- retired form of the signature: the msg is in the
# "ET DELETED" category and the rule is shipped commented out, so it is not
# loaded by the engine. The match options are the same as in rev:1 (listed
# further down this page); only the msg category, the leading '#' and the
# rev number differ.
#
# What the (disabled) logic looks for, on established server-to-client
# traffic from $HTTP_PORTS:
#   - the UTF-16LE strings "CompanyName", "InternalName" and "LegalCopyright"
#     (standard Windows version-resource key names), in that order
#     (distance:0 makes each key search start after the previous match);
#   - after each key, UTF-16LE "milk" ending within 30 bytes (within:30).
# reference:md5 carries the hash of a sample associated with the signature.
#
# NOTE(review): if this rule is re-enabled locally, remember that it has no
# file_data/HTTP buffer keyword, so it inspects the raw stream only -- see
# whether your engine version still supports it as written before relying on it.
#alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"ET DELETED Banload Trojan Downloader Dropped Binary"; flow:established,to_client; content:"C|00|o|00|m|00|p|00|a|00|n|00|y|00|N|00|a|00|m|00|e|00|"; content:"m|00|i|00|l|00|k|00|"; fast_pattern; within:30; content:"I|00|n|00|t|00|e|00|r|00|n|00|a|00|l|00|N|00|a|00|m|00|e|00|"; distance:0; content:"m|00|i|00|l|00|k|00|"; within:30; content:"L|00|e|00|g|00|a|00|l|00|C|00|o|00|p|00|y|00|r|00|i|00|g|00|h|00|t|00|"; distance:0; content:"m|00|i|00|l|00|k|00|"; within:30; reference:md5,31bb4e0d67a5af96d5b5691966e25d73; classtype:trojan-activity; sid:2014367; rev:2;)

Added 2014-09-15 18:30:49 UTC


# sid:2014367 rev:1 -- original, enabled form of the signature
# (category "ET CURRENT_EVENTS").
#
# Alerts on an established server-to-client stream from $HTTP_PORTS that
# carries a binary whose version-resource strings contain "milk":
#   - content 1/3/5: the UTF-16LE key names "CompanyName", "InternalName",
#     "LegalCopyright" (each ASCII character followed by |00|);
#   - content 2/4/6: UTF-16LE "milk", constrained by within:30 to end no
#     more than 30 bytes after the key that precedes it;
#   - distance:0 on the 2nd and 3rd key makes the keys match in order,
#     each one after the previous "milk".
# fast_pattern is set on the first "milk" rather than on a key name --
# presumably because the key names occur in most binaries that have a
# version resource, while the value is the distinguishing part.
# reference:md5 carries the hash of a sample associated with the signature.
#
# NOTE(review): coverage and triage caveats for anyone running this rule:
#   - no file_data/HTTP buffer keyword is used, so matching is on the raw
#     stream; a transfer that is content-encoded or carried over TLS would
#     likely not present these bytes to the rule. Pair with file-hash or
#     endpoint detection instead of relying on this alone.
#   - "milk" is a short, generic value; requiring it in all three fields
#     narrows the match, but an alert is a lead to confirm against the
#     extracted file, not proof of infection.
alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"ET CURRENT_EVENTS Banload Trojan Downloader Dropped Binary"; flow:established,to_client; content:"C|00|o|00|m|00|p|00|a|00|n|00|y|00|N|00|a|00|m|00|e|00|"; content:"m|00|i|00|l|00|k|00|"; fast_pattern; within:30; content:"I|00|n|00|t|00|e|00|r|00|n|00|a|00|l|00|N|00|a|00|m|00|e|00|"; distance:0; content:"m|00|i|00|l|00|k|00|"; within:30; content:"L|00|e|00|g|00|a|00|l|00|C|00|o|00|p|00|y|00|r|00|i|00|g|00|h|00|t|00|"; distance:0; content:"m|00|i|00|l|00|k|00|"; within:30; reference:md5,31bb4e0d67a5af96d5b5691966e25d73; classtype:trojan-activity; sid:2014367; rev:1;)

Added 2012-03-13 14:42:42 UTC

