# sid 2015489, rev 2: outbound check-in detection; msg labels the traffic a DaGame variant CnC check-in.
# Scope: HTTP from $HOME_NET to $EXTERNAL_NET on any port, client-to-server side of an established flow.
# URI conditions: "/logexp.php?aid=", "&pid=" and "&kind=" must all be present in the URI. The content
#   matches carry no distance/within, so their relative order is not enforced, and no nocase, so they
#   are case-sensitive.
# Header condition: the pcre runs on the HTTP header buffer (/H) and requires "User-Agent: " followed by
#   5 to 14 lowercase hex characters and CRLF, i.e. a User-Agent value that is only a short hex token.
#   The expression has no /i flag, so a differently-cased header name or uppercase hex will not match.
# metadata records created_at and updated_at as 2012_07_19.
# NOTE(review): the "?" after "DaGame" and "CnC" in msg looks like a wiki rendering artifact rather than
#   part of the rule's message; confirm against the distributed rule file before copying this line.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN DaGame? Variant CnC? Checkin"; flow:established,to_server; content:"/logexp.php?aid="; http_uri; content:"&pid="; http_uri; content:"&kind="; http_uri; pcre:"/User\x2DAgent\x3A\x20[a-f0-9]{5,14}\x0D\x0A/H"; classtype:trojan-activity; sid:2015489; rev:2; metadata:created_at 2012_07_19, updated_at 2012_07_19;)

Added 2017-08-07 21:09:05 UTC


# sid 2015489, rev 1: earlier form of the same signature.
# Scope: declared as tcp with destination $HTTP_PORTS, so only connections to ports listed in that
#   variable are inspected; the same request sent to any other port is outside this revision's header.
# URI conditions: "/logexp.php?aid=", "&pid=" and "&kind=" must all be present in the URI
#   (case-sensitive, relative order not enforced).
# Header condition: the pcre runs on the HTTP header buffer (/H) and requires "User-Agent: " followed by
#   5 to 14 lowercase hex characters and CRLF.
# This revision carries no metadata keyword.
# NOTE(review): the "?" after "DaGame" and "CnC" in msg looks like a wiki rendering artifact rather than
#   part of the rule's message; confirm against the distributed rule file before copying this line.
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN DaGame? Variant CnC? Checkin"; flow:established,to_server; content:"/logexp.php?aid="; http_uri; content:"&pid="; http_uri; content:"&kind="; http_uri; pcre:"/User\x2DAgent\x3A\x20[a-f0-9]{5,14}\x0D\x0A/H"; classtype:trojan-activity; sid:2015489; rev:1;)

Added 2012-07-19 20:02:39 UTC

