[Emerging-Sigs] Win32.PEx.Delphi.996796543 Checkin Signature

Micah Kays micah.d.kays at gmail.com
Thu Oct 27 12:47:07 EDT 2011


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN
Win32.PEx.Delphi.996796543Checkin"; flow:established,to_server;
content:"GET"; http_method; content:"/nconfirm.php?rev="; nocase;
http_uri; content:"&code="; nocase; http_uri; content:"&param=";
nocase; http_uri; content:"&num="; nocase; http_uri;
reference:url,http://www.threatexpert.com/report.aspx?md5=74fb948a209f60124a56f174b6c6813a;
reference:url,http://threatcenter.crdf.fr/?More&ID=50165&D=CRDF.Malware.Win32.PEx.Delphi.996796543;
classtype:trojan-activity; sid:051; rev:1;)


More information about the Emerging-sigs mailing list