#alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"ET POLICY Suspicious IAT SetKeyboardState? - Can Be Used for Keylogging"; flow:established,to_client; content:"SetKeyboardState"; nocase; fast_pattern:only; reference:url,sans.org/reading_room/whitepapers/malicious/rss/_33649; classtype:misc-activity; sid:2012780; rev:3;)

Added 2012-03-13 14:42:40 UTC


#alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"ET POLICY Suspicious IAT SetKeyboardState? - Can Be Used for Keylogging"; flowbits:isset,ET.http.binary; flow:established,to_client; content:"SetKeyboardState"; nocase; fast_pattern:only; reference:url,sans.org/reading_room/whitepapers/malicious/rss/_33649; classtype:misc-activity; sid:2012780; rev:2;)

Added 2011-10-12 19:35:12 UTC


#alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"ET POLICY Suspicious IAT SetKeyboardState? - Can Be Used for Keylogging"; flowbits:isset,ET.http.binary; flow:established,to_client; content:"SetKeyboardState"; nocase; fast_pattern:only; classtype:misc-activity; reference:url,sans.org/reading_room/whitepapers/malicious/rss/_33649; sid:2012780; rev:2;)

Added 2011-05-24 18:47:26 UTC


#alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"ET TROJAN Suspicious IAT SetKeyboardState? - Can Be Used for Keylogging"; flowbits:isset,ET.http.binary; flow:established,to_client; content:"SetKeyboardState"; nocase; fast_pattern:only; classtype:misc-activity; reference:url,sans.org/reading_room/whitepapers/malicious/rss/_33649; sid:2012780; rev:1;)

Added 2011-05-03 18:07:18 UTC


Topic revision: r1 - 2012-03-13 - TWikiGuest
 
This site is powered by the TWiki collaboration platform Powered by Perl This site is powered by the TWiki collaboration platformCopyright © Emerging Threats