alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN FireEye.STX RAT Checkin"; flow:established,to_server; content:"GET /WinData.DLL?HELO-STX-1*"; depth:28; content:"$|0D 0A|"; distance:0; within:40; reference:url,blog.fireeye.com/research/2012/04/spear-phished-by-fireeye.html; reference:md5,89217de164ffca0f0fed54a8003eb98f; classtype:trojan-activity; sid:2014632; rev:2;)

Added 2014-12-05 18:20:53 UTC


Topic revision: r1 - 2014-12-05 - TWikiGuest
 
Copyright © Emerging Threats