# sid 2012521, rev 3 -- possible banker-trojan check-in (msg category: ET TROJAN).
# Direction: $HOME_NET client -> $EXTERNAL_NET server, established flow, to_server only.
# Written against the `http` app-layer protocol with `any` ports, so it does not depend
# on the destination port being listed in $HTTP_PORTS.
# All three content matches must hit on the same request:
#   1. http_method : "GET"
#   2. http_header : "User-Agent: Mozilla/3.0 (compatible; Indy Library)"
#                    (|3a| is ':' and |3b| is ';', hex-escaped because both are rule syntax)
#   3. http_uri    : "/sys7."  -- also the fast_pattern, i.e. the string used for prefiltering
# Triage note: the trailing "?" in msg suggests the authors treat this as low confidence.
# The User-Agent is the default string of the Indy HTTP client library, so the
# "/sys7." URI fragment is the only sample-specific part of the signature; confirm a hit
# against the destination host and the two reference URLs before escalating.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Generic Win32 Banker Trojan CheckIn?"; flow:established,to_server; content:"GET"; http_method; content:"User-Agent|3a| Mozilla/3.0 (compatible|3b| Indy Library)"; http_header; content:"/sys7."; http_uri; fast_pattern; reference:url,www.xandora.net/xangui/malware/view/18e5c43b3d430526e90799e7cc2c3ec8; reference:url,www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=TrojanSpy%3AWin32%2FBancos.ZY; classtype:trojan-activity; sid:2012521; rev:3;)

Added 2014-09-12 16:28:31 UTC


# sid 2012521, rev 2 -- possible banker-trojan check-in (msg category: ET CURRENT_EVENTS).
# Direction: $HOME_NET client -> $EXTERNAL_NET server, established flow, to_server only.
# Coverage caveat: the header is `tcp` with destination $HTTP_PORTS, so a request to a port
# that is not in the sensor's $HTTP_PORTS variable is never evaluated by this revision.
# The http_method / http_header / http_uri modifiers match the parsed HTTP buffers, so the
# sensor's HTTP parser has to be handling the stream for any of them to hit.
# All three content matches must hit on the same request:
#   1. http_method : "GET"
#   2. http_header : "User-Agent: Mozilla/3.0 (compatible; Indy Library)"
#                    (|3a| is ':' and |3b| is ';', hex-escaped because both are rule syntax)
#   3. http_uri    : "/sys7."  -- also the fast_pattern, i.e. the string used for prefiltering
# The User-Agent is the default string of the Indy HTTP client library, so treat a hit
# as a lead rather than a verdict (the msg itself ends in "?").
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET CURRENT_EVENTS Generic Win32 Banker Trojan CheckIn?"; flow:established,to_server; content:"GET"; http_method; content:"User-Agent|3a| Mozilla/3.0 (compatible|3b| Indy Library)"; http_header; content:"/sys7."; http_uri; fast_pattern; reference:url,www.xandora.net/xangui/malware/view/18e5c43b3d430526e90799e7cc2c3ec8; reference:url,www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=TrojanSpy%3AWin32%2FBancos.ZY; classtype:trojan-activity; sid:2012521; rev:2;)

Added 2011-10-12 19:34:33 UTC


# sid 2012521, rev 2 as published 2011-03-22 -- possible banker-trojan check-in.
# Direction: $HOME_NET client -> $EXTERNAL_NET server on $HTTP_PORTS, established, to_server.
# Requires, in one request: method GET; the header string
# "User-Agent: Mozilla/3.0 (compatible; Indy Library)" (|3a| = ':', |3b| = ';');
# and "/sys7." in the URI, which is also the fast_pattern used for prefiltering.
# Here classtype is placed before the reference options; the detection options
# (flow and the three content matches) are unaffected by where that metadata sits.
# Carries two references: the xandora sample page and the Microsoft encyclopedia entry
# for TrojanSpy:Win32/Bancos.ZY.
# Coverage caveat: limited to destination ports in $HTTP_PORTS.
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET CURRENT_EVENTS Generic Win32 Banker Trojan CheckIn?"; flow:established,to_server; content:"GET"; http_method; content:"User-Agent|3a| Mozilla/3.0 (compatible|3b| Indy Library)"; http_header; content:"/sys7."; http_uri; fast_pattern; classtype:trojan-activity; reference:url,www.xandora.net/xangui/malware/view/18e5c43b3d430526e90799e7cc2c3ec8; reference:url,www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=TrojanSpy%3AWin32%2FBancos.ZY; sid:2012521; rev:2;)

Added 2011-03-22 15:48:23 UTC


# sid 2012521, rev 1 (initial revision) -- possible banker-trojan check-in.
# Direction: $HOME_NET client -> $EXTERNAL_NET server on $HTTP_PORTS, established, to_server.
# Requires, in one request: method GET; the header string
# "User-Agent: Mozilla/3.0 (compatible; Indy Library)" (|3a| = ':', |3b| = ';');
# and "/sys7." in the URI, which is also the fast_pattern used for prefiltering.
# Only one reference is attached in this revision: the xandora sample page.
# Coverage caveat: limited to destination ports in $HTTP_PORTS; the Indy Library
# User-Agent is a library default, so the URI fragment carries the specificity.
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET CURRENT_EVENTS Generic Win32 Banker Trojan CheckIn?"; flow:established,to_server; content:"GET"; http_method; content:"User-Agent|3a| Mozilla/3.0 (compatible|3b| Indy Library)"; http_header; content:"/sys7."; http_uri; fast_pattern; classtype:trojan-activity; reference:url,www.xandora.net/xangui/malware/view/18e5c43b3d430526e90799e7cc2c3ec8; sid:2012521; rev:1;)

Added 2011-03-21 15:28:39 UTC


Topic revision: r1 - 2014-09-12 - TWikiGuest
 