[Emerging-Sigs] ET TROJAN Win32.PEx.C.91139756616 Checkin Signature

Micah Kays micah.d.kays at gmail.com
Fri Oct 21 10:34:53 EDT 2011


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN Win32.PEx.C.91139756616 Checkin"; \
    flow:established,to_server; \
    content:"GET"; http_method; \
    content:"/?vn="; http_uri; nocase; \
    content:"&partner="; http_uri; nocase; \
    content:"&ptag="; http_uri; nocase; \
    content:"&cid="; http_uri; nocase; \
    content:"&initial_install="; http_uri; nocase; \
    content:"&b="; http_uri; nocase; \
    content:"&se="; http_uri; nocase; \
    content:"&au="; http_uri; nocase; \
    content:"&am="; http_uri; nocase; \
    content:"&pver="; http_uri; nocase; \
    content:"&retries="; http_uri; nocase; \
    reference:url,www.threatexpert.com/report.aspx?md5=2c969afbe71f35571d11e30f1e854b29; \
    reference:url,threatcenter.crdf.fr/?More&ID=49889&D=CRDF.Win32.Win32.PEx.C.91139756616; \
    classtype:trojan-activity; sid:001; rev:1;)
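
Added example (not part of the original post): an offline Python equivalent of the rule's http_method and http_uri content matches, for checking stored proxy logs against the same pattern. The log format ("client method uri"), the function names and the sample lines are assumptions constructed for illustration.

```python
# Offline equivalent of the rule's content matches (added example).
# None of the rule's content matches is relative (no distance/within), so the
# substrings may appear in any order. nocase makes the URI matches
# case-insensitive; the method match has no nocase and stays case-sensitive.
# Assumption: URIs are already percent-decoded, as http_uri sees them.
URI_TOKENS = ("/?vn=", "&partner=", "&ptag=", "&cid=", "&initial_install=",
              "&b=", "&se=", "&au=", "&am=", "&pver=", "&retries=")


def missing_tokens(uri):
    """Return the rule's URI substrings that are absent from uri."""
    lowered = uri.lower()
    return [tok for tok in URI_TOKENS if tok not in lowered]


def matches_checkin(method, uri):
    """True when a request satisfies every content match in the rule."""
    return method == "GET" and not missing_tokens(uri)


def hunt(log_lines):
    """Return (client, uri) for each matching 'client method uri' line."""
    hits = []
    for line in log_lines:
        parts = line.split(None, 2)
        if len(parts) != 3:          # skip malformed lines
            continue
        client, method, uri = parts
        if matches_checkin(method, uri):
            hits.append((client, uri))
    return hits


FULL = ("/?vn=1&partner=x&ptag=y&cid=2&initial_install=1"
        "&b=ie&se=1&au=0&am=0&pver=3&retries=0")
# Constructed sample log lines, not captured traffic.
SAMPLE_LOG = [
    "10.0.0.5 GET " + FULL,                          # exact parameter order
    "10.0.0.6 GET /?VN=1&Retries=0&" + FULL[7:-10],  # mixed case, reordered
    "10.0.0.7 GET /?vn=1&partner=x&ptag=y&cid=2",    # partial: no alert
    "10.0.0.8 POST " + FULL,                         # wrong method: no alert
    "truncated-line",
]

if __name__ == "__main__":
    for client, uri in hunt(SAMPLE_LOG):
        print(client, uri)
```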

