ET DELETED Generic Trojan Checkin

SID: 2009412Rev: 110 views
History
Sourceet/open
CreatedJuly 30, 2010
UpdatedJuly 26, 2019
Classificationtrojan-activity
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET DELETED Generic Trojan Checkin"; flow:to_server,established; content:"GET"; nocase; http_method; content:".asp?mac="; nocase; http_uri; pcre:"/mac=[a-f0-9]{2}-[a-f0-9]{2}-[a-f0-9]{2}-[a-f0-9]{2}-[a-f0-9]{2}-[a-f0-9]{2}/iU"; content:"&ver="; nocase; http_uri; classtype:trojan-activity; sid:2009412; rev:11; metadata:created_at 2010_07_30, signature_severity Unknown, updated_at 2019_07_26;)

Metadata

created at2010_07_30
signature severityUnknown
updated at2019_07_26

Comments (0)

Please sign in to leave a comment.
Sign in

No comments yet. Be the first to comment!