alert tcp $EXTERNAL_NET 6661:6668 -> $HOME_NET any (msg:"ET TROJAN IRC Bot Download http Command"; flow:established,from_server; content:"JOIN |3a|#"; nocase; content:"dl|20|http|3a 2f 2f|"; distance:0; content:"|2e|exe"; distance:0; reference:md5,fa6ae89b101a0367cc98798c7333e3a4; classtype:trojan-activity; sid:2014439; rev:4;)

Added 2012-06-12 16:38:41 UTC


alert tcp $EXTERNAL_NET 6661:6668 -> $HOME_NET any (msg:"ET TROJAN IRC Bot Download http Command"; flow:established,from_server; content:"JOIN |3a|#"; nocase; content:"!dl|20|http|3a 2f 2f|"; distance:0; content:"|2e|exe"; distance:0; reference:md5,fa6ae89b101a0367cc98798c7333e3a4; classtype:trojan-activity; sid:2014439; rev:3;)

Added 2012-03-28 18:03:48 UTC


Topic revision: r1 - 2012-06-12 - TWikiGuest
 