2006910 < Main < EmergingThreats

EmergingThreats>

Main Web>2006910 (2018-09-13, TWikiGuest)

EditAttach

#alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"ET DELETED perlb0t/w0rmb0t Response (Case 1)"; flow:established,to_server; flowbits:isset,is_proto_irc; content:"|3A 02 5B|"; content:"|5B 02|"; within: 32; pcre:"/\x3A\x02\x5B(Atk33|Exploiting|Finished|GOOGLE.*|HTTP.{0,8}|PKS-SCAN.{0,20}|Results|RSH|SCAN|TCP.{0,8}|UDP.{0,8}|v6.{0,12}|VERSION)\x5D\x02/i"; reference:url,doc.emergingthreats.net/2006910; classtype:trojan-activity; sid:2006910; rev:7; metadata:created_at 2010_07_30, updated_at 2010_07_30;)

Added 2018-09-13 19:39:14 UTC

Added 2018-09-13 17:53:31 UTC

#alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"ET DELETED perlb0t/w0rmb0t Response (Case 1)"; flow:established,to_server; flowbits:isset,is_proto_irc; content:"|3A 02 5B|"; content:"|5B 02|"; within: 32; pcre:"/\x3A\x02\x5B(Atk33|Exploiting|Finished|GOOGLE.*|HTTP.{0,8}|PKS-SCAN.{0,20}|Results|RSH|SCAN|TCP.{0,8}|UDP.{0,8}|v6.{0,12}|VERSION)\x5D\x02/i"; reference:url,doc.emergingthreats.net/2006910; classtype:trojan-activity; sid:2006910; rev:7; metadata:created_at 2010_07_30, updated_at 2010_07_30;)

Added 2017-08-07 21:00:09 UTC

#alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"ET DELETED perlb0t/w0rmb0t Response (Case 1)"; flow:established,to_server; flowbits:isset,is_proto_irc; content:"|3A 02 5B|"; content:"|5B 02|"; within: 32; pcre:"/\x3A\x02\x5B(Atk33|Exploiting|Finished|GOOGLE.*|HTTP.{0,8}|PKS-SCAN.{0,20}|Results|RSH|SCAN|TCP.{0,8}|UDP.{0,8}|v6.{0,12}|VERSION)\x5D\x02/i"; reference:url,doc.emergingthreats.net/2006910; classtype:trojan-activity; sid:2006910; rev:7;)

Added 2011-10-21 14:50:59 UTC

alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN perlb0t/w0rmb0t Response (Case 1)"; flow:established; flowbits:isset,is_proto_irc; content:"|3A 02 5B|"; content:"|5B 02|"; within: 32; pcre:"/\x3A\x02\x5B(Atk33|Exploiting|Finished|GOOGLE.*|HTTP.{0,8}|PKS-SCAN.{0,20}|Results|RSH|SCAN|TCP.{0,8}|UDP.{0,8}|v6.{0,12}|VERSION)\x5D\x02/i"; reference:url,doc.emergingthreats.net/2006910; classtype:trojan-activity; sid:2006910; rev:6;)

Added 2011-10-12 19:21:51 UTC

alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN perlb0t/w0rmb0t Response (Case 1)"; flow:established; flowbits:isset,is_proto_irc; content:"|3A 02 5B|"; content:"|5B 02|"; within: 32; pcre:"/\x3A\x02\x5B(Atk33|Exploiting|Finished|GOOGLE.*|HTTP.{0,8}|PKS-SCAN.{0,20}|Results|RSH|SCAN|TCP.{0,8}|UDP.{0,8}|v6.{0,12}|VERSION)\x5D\x02/i"; classtype:trojan-activity; reference:url,doc.emergingthreats.net/2006910; sid:2006910; rev:6;)

Added 2011-09-14 22:35:23 UTC

alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN perlb0t/w0rmb0t Response (Case 1)"; flow:established; flowbits:isset,is_proto_irc; content:"|3A 02 5B|"; content:"|5B 02|"; within: 32; pcre:"/\x3A\x02\x5B(Atk33|Exploiting|Finished|GOOGLE.*|HTTP.{0,8}|PKS-SCAN.{0,20}|Results|RSH|SCAN|TCP.{0,8}|UDP.{0,8}|v6.{0,12}|VERSION)\x5D\x02/i"; classtype:trojan-activity; reference:url,doc.emergingthreats.net/2006910; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_IRC_Bots; sid:2006910; rev:6;)

Added 2011-02-04 17:25:55 UTC

alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN perlb0t/w0rmb0t Response (Case 1)"; flow:established; flowbits:isset,is_proto_irc; content:"|3A 02 5B|"; content:"|5B 02|"; within: 32; pcre:"/\x3A\x02\x5B(Atk33|Exploiting|Finished|GOOGLE.*|HTTP.{0,8}|PKS-SCAN.{0,20}|Results|RSH|SCAN|TCP.{0,8}|UDP.{0,8}|v6.{0,12}|VERSION)\x5D\x02/i"; classtype:trojan-activity; reference:url,doc.emergingthreats.net/2006910; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_IRC_Bots; sid:2006910; rev:6;)

Added 2009-07-29 15:22:55 UTC

alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN perlb0t/w0rmb0t Response (Case 1)"; flow:established; flowbits:isset,is_proto_irc; content:"|3A 02 5B|"; content:"|5B 02|"; within: 32; pcre:"/\x3A\x02\x5B(Atk33|Exploiting|Finished|GOOGLE.*|HTTP.{0,8}|PKS-SCAN.{0,20}|Results|RSH|SCAN|TCP.{0,8}|UDP.{0,8}|v6.{0,12}|VERSION)\x5D\x02/i"; classtype:trojan-activity; reference:url,doc.emergingthreats.net/2006910; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_IRC_Bots; sid:2006910; rev:6;)

Added 2009-07-29 15:22:55 UTC

alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN perlb0t/w0rmb0t Response (Case 1)"; flowbits:isset,is_proto_irc; content:"|3A 02 5B|"; content:"|5B 02|"; within: 32; pcre:"/\x3A\x02\x5B(Atk33|Exploiting|Finished|GOOGLE.*|HTTP.{0,8}|PKS-SCAN.{0,20}|Results|RSH|SCAN|TCP.{0,8}|UDP.{0,8}|v6.{0,12}|VERSION)\x5D\x02/i"; classtype:trojan-activity; reference:url,doc.emergingthreats.net/2006910; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_IRC_Bots; sid:2006910; rev:5;)

Added 2009-02-13 19:15:24 UTC

alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN perlb0t/w0rmb0t Response (Case 1)"; flowbits:isset,is_proto_irc; content:"|3A 02 5B|"; content:"|5B 02|"; within: 32; pcre:"/\x3A\x02\x5B(Atk33|Exploiting|Finished|GOOGLE.*|HTTP.{0,8}|PKS-SCAN.{0,20}|Results|RSH|SCAN|TCP.{0,8}|UDP.{0,8}|v6.{0,12}|VERSION)\x5D\x02/i"; classtype:trojan-activity; reference:url,doc.emergingthreats.net/2006910; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_IRC_Bots; sid:2006910; rev:5;)

Added 2009-02-13 19:15:24 UTC

alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN perlb0t/w0rmb0t Response (Case 1)"; flowbits:isset,is_proto_irc; content:"|3A 02 5B|"; content:"|5B 02|"; within: 32; pcre:"/\x3A\x02\x5B(Atk33|Exploiting|Finished|GOOGLE.*|HTTP.{0,8}|PKS-SCAN.{0,20}|Results|RSH|SCAN|TCP.{0,8}|UDP.{0,8}|v6.{0,12}|VERSION)\x5D\x02/i"; classtype:trojan-activity; sid:2006910; rev:4;)

Added 2008-08-27 11:15:21 UTC

alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN perlb0t/w0rmb0t Response (Case 1)"; flowbits:isset,is_proto_irc; content:"|3A 02 5B|"; content:"|5B 02|"; within: 32; pcre:"/\x3A\x02\x5B(Atk33|Exploiting|Finished|GOOGLE.*|HTTP.{0,8}|PKS-SCAN.{0,20}|Results|RSH|SCAN|TCP.{0,8}|UDP.{0,8}|v6.{0,12}|VERSION)\x5D\x02/i"; classtype:trojan-activity; sid:2006910; rev:4;)

Added 2008-08-27 11:15:21 UTC

alert tcp any any -> any any (msg:"ET TROJAN perlb0t/w0rmb0t Response (Case 1)"; flowbits:isset,is_proto_irc; content:"|3A 02 5B|"; content:"|5B 02|"; within: 32; pcre:"/\x3A\x02\x5B(Atk33|Exploiting|Finished|GOOGLE.*|HTTP.{0,8}|PKS-SCAN.{0,20}|Results|RSH|SCAN|TCP.{0,8}|UDP.{0,8}|v6.{0,12}|VERSION)\x5D\x02/i"; classtype:trojan-activity; sid:2006910; rev:3;)

Added 2008-03-09 19:05:29 UTC

alert tcp any any -> any any (msg:"ET TROJAN perlb0t/w0rmb0t Response (Case 1)"; flowbits:isset,is_proto_irc; content:"|3A 02 5B|"; content:"|5B 02|"; within: 32; pcre:"/\x3A\x02\x5B(Atk33|Exploiting|Finished|GOOGLE.*|HTTP.{0,8}|PKS-SCAN.{0,20}|Results|RSH|SCAN|TCP.{0,8}|UDP.{0,8}|v6.{0,12}|VERSION)\x5D\x02/i"; classtype:trojan-activity; sid:2006910; rev:3;)

Added 2008-03-09 19:05:29 UTC

alert tcp any any -> any any (msg:"ET TROJAN perlb0t/w0rmb0t Response (Case 1)"; flowbits:isset,is_proto_irc; content:"|3A 02 5B|"; content:"|5B 02|"; within: 32; pcre:"/\x3A\x02\x5B(Atk33|Exploiting|Finished|GOOGLE.*|HTTP.{0,8}|PKS-SCAN.{0,20}|Results|RSH|SCAN|TCP.{0,8}|UDP.{0,8}|v6.{0,12}|VERSION)\x5D\x02/i"; flowbits:set,BE.trojan; classtype:trojan-activity; sid:2006910; rev:2;)

Added 2008-01-31 10:12:23 UTC

alert tcp any any -> any any (msg:"ET TROJAN perlb0t/w0rmb0t Response (Case 1)"; flowbits:isset,is_proto_irc; content:"|3A 02 5B|"; content:"|5B 02|"; within: 32; pcre:"/\x3A\x02\x5B(Atk33|Exploiting|Finished|GOOGLE.*|HTTP.{0,8}|PKS-SCAN.{0,20}|Results|RSH|SCAN|TCP.{0,8}|UDP.{0,8}|v6.{0,12}|VERSION)\x5D\x02/i"; flowbits:set,BE.trojan; classtype:trojan-activity; sid:2006910; rev:2;)

Added 2008-01-31 10:12:23 UTC

alert tcp any any -> any any (msg: "BLEEDING-EDGE TROJAN perlb0t/w0rmb0t Response (Case 1)"; flowbits:isset,is_proto_irc; content:"|3A 02 5B|"; content:"|5B 02|"; within: 32; pcre:"/\x3A\x02\x5B(Atk33|Exploiting|Finished|GOOGLE.*|HTTP.{0,8}|PKS-SCAN.{0,20}|Results|RSH|SCAN|TCP.{0,8}|UDP.{0,8}|v6.{0,12}|VERSION)\x5D\x02/i"; flowbits:set,BE.trojan; classtype:trojan-activity; sid:2006910; rev:1;)

Added 2007-08-10 01:20:19 UTC

Topic revision: r1 - 2018-09-13 - TWikiGuest

Main

User Reference
ATasteOfTWiki
TextFormattingRules

Signature Reference
WebRss Feed
EmergingFAQ