Tag Archives: Sanny Daws Trojan Malware E-Mail Spamming Threat + Snort Signatures

Sanny Daws Trojan Malware E-Mail Spamming Threat + Snort Signatures

alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN W32.Daws/Sanny CnC Initial Beacon"; flow:established,to_server; content:"/list.php?db="; http_uri; content:"Accept-Language|3A| ko-kr"; http_header; classtype:trojan-activity; reference:url,blog.fireeye.com/research/2012/12/to-russia-with-apt.html; reference:url,contagiodump.blogspot.co.uk/2012/12/end-of-year-presents-continue.html; sid:1318811; rev:1;)

alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN W32.Daws/Sanny CnC POST"; flow:established,to_server; content:"POST"; http_method; content:"/write.php"; http_uri; content:"Accept-Language|3A| …
