[Emerging-Sigs] SIG: ET TROJAN Win32/Trojan.Agent.AXMO CnC Beacon

Will Metcalf wmetcalf at emergingthreatspro.com
Wed Dec 5 13:21:14 HAST 2012


Nice.. Thanks Kevin. Will get it into QA.

Regards,

Will

On Wed, Dec 5, 2012 at 5:16 PM, Kevin Ross <kevross33 at googlemail.com> wrote:
> alert tcp $HOME_NET any -> $EXTERNAL_NET 443 (msg:"ET TROJAN
> Win32/Trojan.Agent.AXMO CnC Beacon"; flow:established,to_server;
> content:"POST"; content:"/log HTTP/1."; distance:0; content:"User-Agent|3A
> 20|Mozilla/4.0|0D 0A|"; distance:0; classtype:trojan-activity;
> reference:url,contagiodump.blogspot.co.uk/2012/12/osxdockstera-and-win32trojanagentaxmo.html;
> sid:1329991; rev:1;)
>
> Regards,
> Kevin
>
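How the three content matches in the rule quoted above chain together under `distance:0`, as an added Python example that is not part of the original thread or the Emerging Threats ruleset. The function names and sample payloads are constructed for illustration, and the `flow` and `$HOME_NET`/`$EXTERNAL_NET` checks are not modelled.

```python
# Added illustration: evaluates the quoted rule's content chain over constructed payloads.
# flow:established,to_server and the $HOME_NET/$EXTERNAL_NET checks are not modelled.

RULE_DST_PORT = 443
RULE_CONTENTS = [                      # (content string, distance or None)
    ("POST", None),
    ("/log HTTP/1.", 0),
    ("User-Agent|3A 20|Mozilla/4.0|0D 0A|", 0),
]

def decode_content(pattern):
    """Convert a Snort content string with |hex| sections to raw bytes."""
    out = bytearray()
    for i, part in enumerate(pattern.split("|")):
        out += bytes.fromhex(part) if i % 2 else part.encode("latin-1")
    return bytes(out)

def chain_matches(payload, needles, idx=0, cursor=0):
    """Match contents in order; a relative content starts at cursor + distance.
    On failure, retry the previous content at its next occurrence."""
    if idx == len(needles):
        return True
    needle, distance = needles[idx]
    pos = payload.find(needle, 0 if distance is None else cursor + distance)
    while pos != -1:
        if chain_matches(payload, needles, idx + 1, pos + len(needle)):
            return True
        pos = payload.find(needle, pos + 1)
    return False

def rule_matches(payload, dst_port):
    """True when the destination port and the full content chain both match."""
    needles = [(decode_content(c), d) for c, d in RULE_CONTENTS]
    return dst_port == RULE_DST_PORT and chain_matches(payload, needles)

# Constructed sample payloads (not captured traffic).
SAMPLES = {
    "beacon_shape": b"POST /log HTTP/1.1\r\nUser-Agent: Mozilla/4.0\r\nHost: example.invalid\r\n\r\n",
    "browser_post": b"POST /login HTTP/1.1\r\nHost: example.invalid\r\nUser-Agent: Mozilla/5.0 (X11)\r\n\r\n",
    "get_request": b"GET /log HTTP/1.1\r\nUser-Agent: Mozilla/4.0\r\n\r\n",
    "post_after_ua": b"GET /log HTTP/1.1\r\nUser-Agent: Mozilla/4.0\r\nX-Note: POST\r\n\r\n",
}

if __name__ == "__main__":
    for name, data in SAMPLES.items():
        print(f"{name:14} port 443 -> {rule_matches(data, 443)}")
```

The contents are case-sensitive because the rule carries no `nocase`, and the rule inspects cleartext payload bytes on port 443, so it only sees HTTP that is sent there unencrypted.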

