[Emerging-Sigs] Win32.Trojan-Ransom Update to C2 Signature

Micah Kays micah.d.kays at gmail.com
Tue Oct 4 10:22:27 EDT 2011


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS
(msg:"Win32.Trojan-Ransom Update to C2"; uricontent:"?action=";
uricontent:"&v="; uricontent:"&crc="; classtype:trojan-activity;
reference:url,http://www.threatexpert.com/report.aspx?md5=fd67c8524d75f39adaf8d8d1795bbbeb
sid:1; rev:1;)


More information about the Emerging-sigs mailing list