# sid:2011817 rev:2 -- retired signature: the msg carries the "ET DELETED" tag and the
# leading '#' keeps the rule disabled when the file is loaded.
# Scope: established client-to-server TCP from $HOME_NET to $EXTERNAL_NET on $HTTP_PORTS.
# It matches an HTTP GET (http_method buffer) whose raw payload contains:
#   - "HTTP/1.1\r\nAccept: */*\r\nUser-Agent:", i.e. Accept is the first header after the
#     request line and User-Agent follows it directly;
#   - no "Content-Type: " in the http_header buffer;
#   - "\r\nContent-Length: " whose next byte is not "0" (distance:0; within:1), i.e. a GET
#     that declares a body length not starting with a zero;
#   - "Connection: Keep-Alive\r\nCache-Control: no-cache\r\n\r\n" as the end of the headers.
# NOTE(review): only the !"0" test is relative to a previous match. The other raw content
# matches have no distance/within, so their order in the payload is not enforced.
# NOTE(review): no nocase is set, so header names and values must match in exact case, and
# the rule depends on a fixed header sequence. The trailing "?" in the msg suggests the
# author treated this as a low-confidence heuristic -- confirm before reusing the logic.
#alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET DELETED Zeus GET Request to CnC?"; flow:established,to_server; content:"GET"; http_method; content:"HTTP/1.1|0D 0A|Accept|3a| */*|0D 0A|User-Agent|3a|"; content:!"Content-Type|3a| "; http_header; content:"|0d 0a|Content-Length|3a| "; content:!"0"; distance:0; within:1; content:"Connection|3a| Keep-Alive|0D 0A|Cache-Control|3a| no-cache|0D 0A 0D 0A|"; classtype:trojan-activity; sid:2011817; rev:2;)

Added 2011-10-12 19:32:38 UTC


# Earlier listing of sid:2011817 rev:2. It is commented out and tagged "ET DELETED" in the
# msg, so it does not alert as written.
# Detection logic as written: outbound established HTTP GET (http_method) with
# "Accept: */*" directly after the HTTP/1.1 request line and "User-Agent:" next, no
# "Content-Type: " in http_header, a Content-Length value whose first byte is not "0",
# and "Connection: Keep-Alive" + "Cache-Control: no-cache" closing the header block.
# NOTE(review): all matches are case-sensitive (no nocase) and tied to an exact header
# layout. A client that sends the same headers in another order or case is not matched,
# and any client that produces this exact layout is, whatever its origin.
# Classified as trojan-activity.
#alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET DELETED Zeus GET Request to CnC?"; flow:established,to_server; content:"GET"; http_method; content:"HTTP/1.1|0D 0A|Accept|3a| */*|0D 0A|User-Agent|3a|"; content:!"Content-Type|3a| "; http_header; content:"|0d 0a|Content-Length|3a| "; content:!"0"; distance:0; within:1; content:"Connection|3a| Keep-Alive|0D 0A|Cache-Control|3a| no-cache|0D 0A 0D 0A|"; classtype:trojan-activity; sid:2011817; rev:2;)

Added 2011-02-04 17:31:35 UTC


Topic revision: r1 - 2011-10-12 - TWikiGuest
 