# sid:2011588 rev:21 - outbound HTTP request shaped like a Zeus bot connectivity check.
# Protocol is `http` with destination port any; the older revisions on this page use tcp to $HTTP_PORTS.
# Fixed prefix: "GET / HTTP/1.1", Accept: */*, Connection: Close, then a User-Agent starting "Mozilla/",
# in exactly that order. depth:68 equals the pattern length, so the prefix must start at offset 0.
# Also required: a Host header somewhere after the prefix (distance:0), ": no-cache" in the headers,
# and no Referer header (the nocase applies to that negated match).
# False-positive suppressions: Host login.live.com, and the strings google.com, www.bing.com, yandex.ru.
# NOTE(review): the last three are substring tests over the header buffer, not tied to the Host value,
# so they suppress more than the named sites - keep that in mind when triaging or tuning.
# NOTE(review): the first content already pins the request line to "GET / ", so the negated "/webhp"
# http_uri test (depth:6 = length of "/webhp") looks redundant in this revision - confirm before removing.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Zeus Bot Connectivity Check"; flow:established,to_server; content:"GET / HTTP/1.1|0d 0a|Accept|3a| */*|0d 0a|Connection|3a| Close|0d 0a|User-Agent|3a 20|Mozilla/"; depth:68; content:"|0d 0a|Host|3a| "; distance:0; content:!"|0d 0a|Referer|3a| "; http_header; nocase; content:"|3a| no-cache"; http_header; content:!"/webhp"; http_uri; depth:6; content:!"Host|3a| login.live.com|0d 0a|"; http_header; content:!"google.com|0d 0a|"; http_header; content:!"www.bing.com"; http_header; content:!"yandex.ru|0d 0a|"; http_header; reference:url,www.secureworks.com/research/threats/zeus/?threat=zeus; reference:url,lists.emergingthreats.net/pipermail/emerging-sigs/2010-October/009807.html; classtype:trojan-activity; sid:2011588; rev:21;)

Added 2016-09-16 17:23:59 UTC


# sid:2011588 rev:19 - client-to-server TCP to $HTTP_PORTS carrying a fixed request template.
# Fixed prefix: "GET / HTTP/1.1", Accept: */*, Connection: Close, "User-Agent: " in that order;
# depth:60 equals the pattern length, so the prefix is anchored at offset 0. The User-Agent value is not tested.
# Also required: a Host header after the prefix, ": no-cache" in the headers, and no Referer header.
# False-positive suppressions: Host login.live.com, www.bing.com, yandex.ru
# (yandex.ru is the only change in detection logic from the rev:18 entry on this page).
# NOTE(review): with the request line fixed to "GET / ", the negated "/webhp" http_uri test looks
# redundant - confirm before removing.
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN Zeus Bot Request to CnC?"; flow:established,to_server; content:"GET / HTTP/1.1|0d 0a|Accept|3a| */*|0d 0a|Connection|3a| Close|0d 0a|User-Agent|3a| "; depth:60; content:"|0d 0a|Host|3a| "; distance:0; content:!"|0d 0a|Referer|3a| "; http_header; nocase; content:"|3a| no-cache"; http_header; content:!"/webhp"; http_uri; depth:6; content:!"Host|3a| login.live.com|0d 0a|"; http_header; content:!"www.bing.com"; http_header; content:!"yandex.ru|0d 0a|"; http_header; reference:url,www.secureworks.com/research/threats/zeus/?threat=zeus; reference:url,lists.emergingthreats.net/pipermail/emerging-sigs/2010-October/009807.html; classtype:trojan-activity; sid:2011588; rev:19;)

Added 2014-05-14 17:50:48 UTC


# sid:2011588 rev:18 - same fixed request template: "GET / HTTP/1.1", Accept: */*, Connection: Close,
# "User-Agent: " anchored at offset 0 (depth:60 = pattern length), followed by a Host header,
# ": no-cache" in the headers, and no Referer header.
# False-positive suppressions: Host login.live.com and the string www.bing.com in the headers.
# Difference from the rev:17 entries on this page: the Host content keeps distance:0 but no longer
# carries the http_header modifier, so it is matched relative to the raw-payload prefix.
# NOTE(review): with the request line fixed to "GET / ", the negated "/webhp" http_uri test looks
# redundant - confirm before removing.
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN Zeus Bot Request to CnC?"; flow:established,to_server; content:"GET / HTTP/1.1|0d 0a|Accept|3a| */*|0d 0a|Connection|3a| Close|0d 0a|User-Agent|3a| "; depth:60; content:"|0d 0a|Host|3a| "; distance:0; content:!"|0d 0a|Referer|3a| "; http_header; nocase; content:"|3a| no-cache"; http_header; content:!"/webhp"; http_uri; depth:6; content:!"Host|3a| login.live.com|0d 0a|"; http_header; content:!"www.bing.com"; http_header; reference:url,www.secureworks.com/research/threats/zeus/?threat=zeus; reference:url,lists.emergingthreats.net/pipermail/emerging-sigs/2010-October/009807.html; classtype:trojan-activity; sid:2011588; rev:18;)

Added 2013-06-27 20:56:21 UTC


# sid:2011588 rev:17 (entry dated 2011-10-12) - fixed request template anchored at offset 0:
# "GET / HTTP/1.1", Accept: */*, Connection: Close, "User-Agent: " (depth:60 = pattern length),
# then a Host header, ": no-cache" in the headers, no Referer header.
# False-positive suppressions: Host login.live.com and the string www.bing.com in the headers.
# NOTE(review): this entry carries the same sid and rev as the one dated 2011-08-31; the two differ
# only in where classtype sits among the options, so alerts cannot tell them apart by rev.
# NOTE(review): the Host content combines distance:0 (relative to a raw-payload match) with
# http_header; mixing the two buffers is questionable, and rev:18 on this page drops the modifier.
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN Zeus Bot Request to CnC?"; flow:established,to_server; content:"GET / HTTP/1.1|0d 0a|Accept|3a| */*|0d 0a|Connection|3a| Close|0d 0a|User-Agent|3a| "; depth:60; content:"|0d 0a|Host|3a| "; distance:0; http_header; content:!"|0d 0a|Referer|3a| "; http_header; nocase; content:"|3a| no-cache"; http_header; content:!"/webhp"; http_uri; depth:6; content:!"Host|3a| login.live.com|0d 0a|"; http_header; content:!"www.bing.com"; http_header; reference:url,www.secureworks.com/research/threats/zeus/?threat=zeus; reference:url,lists.emergingthreats.net/pipermail/emerging-sigs/2010-October/009807.html; classtype:trojan-activity; sid:2011588; rev:17;)

Added 2011-10-12 19:32:20 UTC


# sid:2011588 rev:17 (entry dated 2011-08-31) - first revision on this page that pins the whole
# request line: "GET / HTTP/1.1", Accept: */*, Connection: Close, "User-Agent: " as one content
# with depth:60 (= pattern length), so only requests for "/" at offset 0 can match.
# Still required: a Host header after the prefix, ": no-cache" in the headers, no Referer header.
# False-positive suppressions: Host login.live.com, plus www.bing.com (new relative to rev:15).
# NOTE(review): now that the URI is fixed to "/", the negated "/webhp" http_uri test carried over
# from rev:14/15 looks redundant - confirm before removing.
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN Zeus Bot Request to CnC?"; flow:established,to_server; content:"GET / HTTP/1.1|0d 0a|Accept|3a| */*|0d 0a|Connection|3a| Close|0d 0a|User-Agent|3a| "; depth:60; content:"|0d 0a|Host|3a| "; distance:0; http_header; content:!"|0d 0a|Referer|3a| "; http_header; nocase; content:"|3a| no-cache"; http_header; content:!"/webhp"; http_uri; depth:6; content:!"Host|3a| login.live.com|0d 0a|"; http_header; content:!"www.bing.com"; http_header; classtype:trojan-activity; reference:url,www.secureworks.com/research/threats/zeus/?threat=zeus; reference:url,lists.emergingthreats.net/pipermail/emerging-sigs/2010-October/009807.html; sid:2011588; rev:17;)

Added 2011-08-31 10:23:41 UTC


# sid:2011588 rev:15 (entry dated 2011-08-09) - "GET /" must open the payload (depth:5); the
# " HTTP/1.1", Accept: */*, Connection: Close, "User-Agent: " run has no positional modifier, so the
# URI path is unconstrained and this revision matches GETs for any path with that header order.
# Also required: a Host header, ": no-cache" in the headers, no Referer header.
# False-positive suppressions: URIs starting "/webhp" (depth:6) and Host login.live.com,
# the latter new relative to rev:14.
# NOTE(review): byte-identical to the entry dated 2011-08-08 on this page (same sid and rev).
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN Zeus Bot Request to CnC?"; flow:established,to_server; content:"GET /"; depth:5; content:" HTTP/1.1|0d 0a|Accept|3a| */*|0d 0a|Connection|3a| Close|0d 0a|User-Agent|3a| "; content:"|0d 0a|Host|3a| "; distance:0; http_header; content:!"|0d 0a|Referer|3a| "; http_header; nocase; content:"|3a| no-cache"; http_header; content:!"/webhp"; http_uri; depth:6; content:!"Host|3a| login.live.com|0d 0a|"; http_header; classtype:trojan-activity; reference:url,www.secureworks.com/research/threats/zeus/?threat=zeus; reference:url,lists.emergingthreats.net/pipermail/emerging-sigs/2010-October/009807.html; sid:2011588; rev:15;)

Added 2011-08-09 06:32:09 UTC


# sid:2011588 rev:15 (entry dated 2011-08-08) - "GET /" at offset 0 (depth:5), then the header run
# " HTTP/1.1", Accept: */*, Connection: Close, "User-Agent: " searched without a position limit,
# so any URI path can match as long as the headers follow in that order.
# Also required: a Host header, ": no-cache" in the headers, no Referer header.
# False-positive suppressions: URIs starting "/webhp" (depth:6) and Host login.live.com.
# NOTE(review): the entry dated 2011-08-09 on this page repeats this rule text with the same rev.
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN Zeus Bot Request to CnC?"; flow:established,to_server; content:"GET /"; depth:5; content:" HTTP/1.1|0d 0a|Accept|3a| */*|0d 0a|Connection|3a| Close|0d 0a|User-Agent|3a| "; content:"|0d 0a|Host|3a| "; distance:0; http_header; content:!"|0d 0a|Referer|3a| "; http_header; nocase; content:"|3a| no-cache"; http_header; content:!"/webhp"; http_uri; depth:6; content:!"Host|3a| login.live.com|0d 0a|"; http_header; classtype:trojan-activity; reference:url,www.secureworks.com/research/threats/zeus/?threat=zeus; reference:url,lists.emergingthreats.net/pipermail/emerging-sigs/2010-October/009807.html; sid:2011588; rev:15;)

Added 2011-08-08 21:58:52 UTC


# sid:2011588 rev:14 - "GET /" at offset 0 (depth:5) plus the header run " HTTP/1.1", Accept: */*,
# Connection: Close, "User-Agent: " anywhere in the payload; a Host header, ": no-cache" in the
# headers and no Referer header are also required.
# Change from rev:12 on this page: URIs starting "/webhp" are excluded (negated http_uri, depth:6).
# No Host-based suppressions yet; those appear in the later revisions on this page.
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN Zeus Bot Request to CnC?"; flow:established,to_server; content:"GET /"; depth:5; content:" HTTP/1.1|0d 0a|Accept|3a| */*|0d 0a|Connection|3a| Close|0d 0a|User-Agent|3a| "; content:"|0d 0a|Host|3a| "; distance:0; http_header; content:!"|0d 0a|Referer|3a| "; http_header; nocase; content:"|3a| no-cache"; http_header; content:!"/webhp"; http_uri; depth:6; classtype:trojan-activity; reference:url,www.secureworks.com/research/threats/zeus/?threat=zeus; reference:url,lists.emergingthreats.net/pipermail/emerging-sigs/2010-October/009807.html; sid:2011588; rev:14;)

Added 2011-06-21 18:18:58 UTC


# sid:2011588 rev:12 - same match conditions as rev:11 on this page; only msg and rev differ.
# Matches "GET /" at offset 0 (depth:5), the header run " HTTP/1.1", Accept: */*, Connection: Close,
# "User-Agent: ", a Host header, ": no-cache" in the headers, and no Referer header.
# NOTE(review): the msg names Google, but no option in this rule tests the Host value or any
# Google string, so an alert by itself does not establish the destination - check the Host in the pcap.
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN Zeus Bot GET to Google checking Internet connectivity"; flow:established,to_server; content:"GET /"; depth:5; content:" HTTP/1.1|0d 0a|Accept|3a| */*|0d 0a|Connection|3a| Close|0d 0a|User-Agent|3a| "; content:"|0d 0a|Host|3a| "; distance:0; http_header; content:!"|0d 0a|Referer|3a| "; http_header; nocase; content:"|3a| no-cache"; http_header; classtype:trojan-activity; reference:url,www.secureworks.com/research/threats/zeus/?threat=zeus; reference:url,lists.emergingthreats.net/pipermail/emerging-sigs/2010-October/009807.html; sid:2011588; rev:12;)

Added 2011-06-17 13:31:09 UTC


# sid:2011588 rev:11 - header-order fingerprint with no URI or Host constraints:
# "GET /" at offset 0 (depth:5), then " HTTP/1.1", Accept: */*, Connection: Close, "User-Agent: "
# in that order, a Host header, ": no-cache" in the headers, and no Referer header.
# Compared with rev:1 on this page: the ".bin" URI requirement and the MSIE User-Agent literal are
# gone and the ": no-cache" header test is added, which broadens the match to any path.
# No false-positive suppressions in this revision; expect it to be noisier than later ones.
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN Zeus Bot Request to CnC?"; flow:established,to_server; content:"GET /"; depth:5; content:" HTTP/1.1|0d 0a|Accept|3a| */*|0d 0a|Connection|3a| Close|0d 0a|User-Agent|3a| "; content:"|0d 0a|Host|3a| "; distance:0; http_header; content:!"|0d 0a|Referer|3a| "; http_header; nocase; content:"|3a| no-cache"; http_header; classtype:trojan-activity; reference:url,www.secureworks.com/research/threats/zeus/?threat=zeus; reference:url,lists.emergingthreats.net/pipermail/emerging-sigs/2010-October/009807.html; sid:2011588; rev:11;)

Added 2011-02-04 17:31:25 UTC


# sid:2011588 rev:1 - original form: a GET whose URI contains ".bin" (uricontent) and whose request
# line ends ".bin HTTP/1.1", followed by Accept: */*, Connection: Close and a User-Agent starting
# "Mozilla/4.0 (compatible; MSIE", then a Host header and no Referer header (nocase on the negation).
# Written with the older uricontent keyword and backslash-escaped ":" / ";" where later revisions
# on this page use http_* modifiers and |3a| hex bytes; it carries no reference: options.
# NOTE(review): presumably aimed at the bot fetching a .bin file from its server - the msg says only
# "Request to CnC?", so confirm against the linked write-ups rather than this rule text.
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN Zeus Bot Request to CnC?"; flow:established,to_server; uricontent:".bin"; content:"GET /"; depth:5; content:".bin HTTP/1.1|0d 0a|Accept\: */*|0d 0a|Connection\: Close|0d 0a|User-Agent|3a| Mozilla/4.0 (compatible\; MSIE"; content:"|0d 0a|Host\: "; distance:0; content:!"|0d 0a|Referer|3a|"; nocase; classtype:trojan-activity; sid:2011588; rev:1;)

Added 2010-10-01 17:16:20 UTC


Topic revision: r1 - 2016-09-16 - TWikiGuest
 