alert tcp $HOME_NET any -> $EXTERNAL_NET 88 (msg:"ET TROJAN Virus.Win32.Sality.aa Checkin"; flow:established,to_server; content:".txt"; offset:4; depth:9; content:"User-Agent|3a| Download|0d 0a|"; within:64; reference:md5,1e0e6717f72b66f6fc83f2ef6c00dcb7; classtype:trojan-activity; sid:2014826; rev:5;)

Added 2012-05-30 00:23:05 UTC


Topic revision: r1 - 2012-05-30 - TWikiGuest
 
This site is powered by the TWiki collaboration platform Powered by Perl This site is powered by the TWiki collaboration platformCopyright © Emerging Threats