# ET TROJAN Trojan-Spy.Win32.Zbot.djrm Checkin (sid 2014399, rev 2, classtype trojan-activity)
#
# Fires on an established, client-to-server TCP flow from $HOME_NET to
# $EXTERNAL_NET on $HTTP_PORTS when both of the following hold:
#   - the request URI contains all four strings "/index.html?mac=", "&ver=",
#     "&os=" and "&dtime=";
#   - the HTTP headers contain the literal line "User-Agent: baidu" terminated
#     by CRLF, i.e. the User-Agent value is exactly "baidu".
# "&dtime=" is marked fast_pattern, so it is the string handed to the
# multi-pattern prefilter before the other contents are evaluated.
#
# Tuning and triage notes:
#   - No content carries nocase, so every match is case-sensitive.
#   - The URI contents have no distance/within modifiers, so they may appear
#     anywhere in the URI and in any order relative to one another.
#   - Only destination ports in $HTTP_PORTS are inspected; the same request on
#     a port outside that variable is not evaluated by this rule.
#   - The parameter names suggest the client reports host details (MAC address,
#     version, OS, time) - inferred from the names only; confirm against the
#     referenced samples.
#   - The two reference:md5 values are presumably the samples the signature was
#     derived from; they can be used to pivot to endpoint/file telemetry for the
#     source host of an alert.
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN Trojan-Spy.Win32.Zbot.djrm Checkin"; flow:to_server,established; content:"/index.html?mac="; http_uri; content:"&ver="; http_uri; content:"&os="; http_uri; content:"&dtime="; fast_pattern; http_uri; content:"User-Agent|3a| baidu|0d 0a|"; http_header; reference:md5,b895249cce7d2c27cb9c480feb36560c; reference:md5,f70a5f52d4c0071963602c25b62865cb; classtype:trojan-activity; sid:2014399; rev:2;)

Added 2012-03-19 23:39:16 UTC


Topic revision: r1 - 2012-03-20 - TWikiGuest
 