Trojan (2009.7.13)
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"Trojan-Dropper.Agent.IK"; flow:to_server,established; uricontent:"/update/run.php"; content:"Host|3a 20|www|2e|happycoin|2e|co|2e|kr"; nocase; http_header;)
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"Trojan-Dropper.Win32.Agent.aqpn"; flow:to_server,established; uricontent:"/winxp/mm.txt"; content:"Host|3a 20|www|2e|dy2004|2e|com"; nocase; http_header;)
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"Trojan-Downloader.Win32.Banload.bvk"; flow:to_server,established; uricontent:"/photo/tju-15-06-09.jpg"; content:"Host|3a 20|www|2e|ishiharakikaku|2e|co|2e|jp"; nocase; http_header;)
About this entry
You’re currently reading “Trojan (2009.7.13),” an entry on Snort rules
- Posted:
- July 17, 2009 / 1:52 PM
- Category:
- Rule Create