alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN Win32/Kuluoz.B Request"; flow:established,to_server; content:"GET"; http_method; pcre:"/\/[a-f0-9]+$/Ui"; content:"Windows NT 9.0|3b|"; http_header; pcre:"/^Host\x3a\s*(\d{1,3}\.){3}\d{1,3}(\x3a\d{1,5})?\r?$/Hmi"; reference:md5,0282bc929bae27ef95733cfa390b10e0; classtype:trojan-activity; sid:2015985; rev:2;)

Added 2013-02-18 18:44:22 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN Win32/Kuluoz.B Request"; flow:established,to_server; content:"GET"; http_method; pcre:"/^\/[a-f0-9]+$/Ui"; content:"Windows NT 9.0|3b|"; http_header; pcre:"/^Host\x3a\s*(\d{1,3}\.){3}\d{1,3}(\x3a\d{1,5})?\r?$/Hmi"; reference:md5,0282bc929bae27ef95733cfa390b10e0; classtype:trojan-activity; sid:2015985; rev:1;)

Added 2012-12-04 19:55:45 UTC


Topic revision: r1 - 2013-02-18 - TWikiGuest
 
Copyright © Emerging Threats