#alert tcp $HOME_NET any -> $EXTERNAL_NET 3128 (msg:"ET DELETED Likely Hupigon Post to Controller"; flow:established,to_server; content:"POST /+"; depth:7; flowbits:noalert; flowbits:set,ET.Hupinit1; reference:url,www.f-secure.com/v-descs/backdoor_w32_hupigon.shtml; reference:url,doc.emergingthreats.net/2008389; classtype:trojan-activity; sid:2008389; rev:2; metadata:created_at 2010_07_30, updated_at 2010_07_30;)
Added 2018-09-13 19:39:52 UTC
Added 2018-09-13 17:53:52 UTC
#alert tcp $HOME_NET any -> $EXTERNAL_NET 3128 (msg:"ET DELETED Likely Hupigon Post to Controller"; flow:established,to_server; content:"POST /+"; depth:7; flowbits:noalert; flowbits:set,ET.Hupinit1; reference:url,www.f-secure.com/v-descs/backdoor_w32_hupigon.shtml; reference:url,doc.emergingthreats.net/2008389; classtype:trojan-activity; sid:2008389; rev:2; metadata:created_at 2010_07_30, updated_at 2010_07_30;)
Added 2017-08-07 21:01:34 UTC
##alert tcp $HOME_NET any -> $EXTERNAL_NET 3128 (msg:"ET DELETED Likely Hupigon Post to Controller"; flow:established,to_server; content:"POST /+"; depth:7; flowbits:noalert; flowbits:set,ET.Hupinit1; reference:url,www.f-secure.com/v-descs/backdoor_w32_hupigon.shtml; reference:url,doc.emergingthreats.net/2008389; classtype:trojan-activity; sid:2008389; rev:2;)
Added 2011-10-12 19:25:02 UTC
##alert tcp $HOME_NET any -> $EXTERNAL_NET 3128 (msg:"ET DELETED Likely Hupigon Post to Controller"; flow:established,to_server; content:"POST /+"; depth:7; flowbits:noalert; flowbits:set,ET.Hupinit1; classtype:trojan-activity; reference:url,www.f-secure.com/v-descs/backdoor_w32_hupigon.shtml; reference:url,doc.emergingthreats.net/2008389; sid:2008389; rev:2;)
Added 2011-09-14 22:38:29 UTC
##alert tcp $HOME_NET any -> $EXTERNAL_NET 3128 (msg:"ET DELETED Likely Hupigon Post to Controller"; flow:established,to_server; content:"POST /+"; depth:7; flowbits:noalert; flowbits:set,ET.Hupinit1; classtype:trojan-activity; reference:url,www.f-secure.com/v-descs/backdoor_w32_hupigon.shtml; reference:url,doc.emergingthreats.net/2008389; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_Hupington; sid:2008389; rev:2;)
Added 2011-07-07 22:32:26 UTC
##alert tcp $HOME_NET any -> $EXTERNAL_NET 3128 (msg:"ET DELETED Likely Hupigon Post to Controller"; flow:established,to_server; content:"POST /+"; depth:7; flowbits:noalert; flowbits:set,ET.Hupinit1; classtype:trojan-activity; reference:url,www.f-secure.com/v-descs/backdoor_w32_hupigon.shtml; reference:url,doc.emergingthreats.net/2008389; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_Hupington; sid:2008389; rev:2;)
Added 2011-07-07 21:26:58 UTC
#alert tcp $HOME_NET any -> $EXTERNAL_NET 3128 (msg:"ET TROJAN Likely Hupigon Post to Controller"; flow:established,to_server; content:"POST /+"; depth:7; flowbits:noalert; flowbits:set,ET.Hupinit1; classtype:trojan-activity; reference:url,www.f-secure.com/v-descs/backdoor_w32_hupigon.shtml; reference:url,doc.emergingthreats.net/2008389; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_Hupington; sid:2008389; rev:2;)
Added 2011-07-05 19:08:40 UTC
alert tcp $HOME_NET any -> $EXTERNAL_NET 3128 (msg:"ET TROJAN Likely Hupigon Post to Controller"; flow:established,to_server; content:"POST /+"; depth:7; flowbits:noalert; flowbits:set,ET.Hupinit1; classtype:trojan-activity; reference:url,www.f-secure.com/v-descs/backdoor_w32_hupigon.shtml; reference:url,doc.emergingthreats.net/2008389; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_Hupington; sid:2008389; rev:2;)
Added 2011-02-04 17:27:34 UTC
alert tcp $HOME_NET any -> $EXTERNAL_NET 3128 (msg:"ET TROJAN Likely Hupigon Post to Controller"; flow:established,to_server; content:"POST /+"; depth:7; flowbits:noalert; flowbits:set,ET.Hupinit1; reference:url,www.f-secure.com/v-descs/backdoor_w32_hupigon.shtml; classtype:trojan-activity; reference:url,doc.emergingthreats.net/2008389; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_Hupington; sid:2008389; rev:2;)
Added 2009-02-12 18:21:17 UTC
alert tcp $HOME_NET any -> $EXTERNAL_NET 3128 (msg:"ET TROJAN Likely Hupigon Post to Controller"; flow:established,to_server; content:"POST /+"; depth:7; flowbits:noalert; flowbits:set,ET.Hupinit1; reference:url,www.f-secure.com/v-descs/backdoor_w32_hupigon.shtml; classtype:trojan-activity; reference:url,doc.emergingthreats.net/2008389; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_Hupington; sid:2008389; rev:2;)
Added 2009-02-12 18:21:17 UTC
alert tcp $HOME_NET any -> $EXTERNAL_NET 3128 (msg:"ET TROJAN Likely Hupigon Post to Controller"; flow:established,to_server; content:"POST /+"; depth:7; flowbits:noalert; flowbits:set,ET.Hupinit1; reference:url,www.f-secure.com/v-descs/backdoor_w32_hupigon.shtml; classtype:trojan-activity; sid:2008389; rev:1;)
Added 2008-07-09 15:35:40 UTC
To catch stuff like so, this on port 3128:
POST /+17131.html HTTP/1.1
Accept: */*
Accept-Language: en-us
User-Agent: Mozilla
Host: 157.161.97.3
-----
HTTP/1.0 200 OK
YES
~~@@
--
MattJonkman - 09 Jul 2008