Trojan (09.07.20)

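# NOTE: the quotes below are plain ASCII double quotes. The page published these
# rules with typographic quotes, which a rule parser does not accept as option delimiters.
# NOTE(review): neither rule carries a sid or rev as published. Assign a sid from
# your local range (and a rev) before loading; none is invented here.
# The hosts and paths are the author's indicators from the entry dated 09.07.20;
# confirm they are still relevant before alerting on them in production.

# Trojan-Spy.Win32.VB.btm (name as given by the rule author): outbound HTTP request
# from $HOME_NET whose URI contains /new.html and whose Host header begins with
# "xz.ub9.net". |3a 20| is ": " and |2e| is "."; nocase and http_header modify the
# Host content match only.
# Caveat: the Host match has no trailing anchor, so a longer hostname with the same
# prefix also fires. The rule only sees traffic on ports listed in $HTTP_PORTS.
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"Trojan-Spy.Win32.VB.btm"; flow:to_server,established; uricontent:"/new.html"; content:"Host|3a 20|xz|2e|ub9|2e|net"; nocase; http_header;)

# Trojan.Win32.FraudPack.ogk (name as given by the rule author): outbound HTTP request
# from $HOME_NET whose URI contains /resolution.php and whose Host header begins with
# "imagesrepository.com". Same encoding, modifiers and caveats as the rule above.
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"Trojan.Win32.FraudPack.ogk"; flow:to_server,established; uricontent:"/resolution.php"; content:"Host|3a 20|imagesrepository|2e|com"; nocase; http_header;)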
