[Emerging-Sigs] SIG: ET TROJAN Win32/Trojan.Agent.AXMO CnC Beacon

Kevin Ross kevross33 at googlemail.com
Wed Dec 5 13:16:17 HAST 2012


alert tcp $HOME_NET any -> $EXTERNAL_NET 443 (msg:"ET TROJAN
Win32/Trojan.Agent.AXMO CnC Beacon"; flow:established,to_server;
content:"POST"; content:"/log HTTP/1."; distance:0; content:"User-Agent|3A
20|Mozilla/4.0|0D 0A|"; distance:0; classtype:trojan-activity;
reference:url,
contagiodump.blogspot.co.uk/2012/12/osxdockstera-and-win32trojanagentaxmo.html;
sid:1329991; rev:1;)

Regards,
Kevin
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.emergingthreats.net/pipermail/emerging-sigs/attachments/20121205/e7f870a1/attachment.html>


More information about the Emerging-sigs mailing list