# sid 2013185, rev 6: outbound HTTP check-in attributed to Trojan-Banker.Win32.Agent.
# Fires on an established client-to-server flow when all of the following hold:
#   - the HTTP method is POST (matched case-insensitively);
#   - the headers contain "User-Agent: Mozilla/4.0 (compatible; ICS)";
#   - the request body starts with "para=" (depth:5 pins it to the first 5 bytes);
#   - the request body also contains "&subject=" and "&dados=". Neither has
#     distance/within, so they may appear anywhere in the body, in either order.
# fast_pattern:20,20 gives the prefilter the 20 bytes at offset 20 of the
# User-Agent content, i.e. "4.0 (compatible; ICS", not the whole header string.
# The destination port is "any" under "alert http", so this revision is not
# limited to $HTTP_PORTS.
# NOTE(review): the User-Agent looks like the default string of the ICS
# (Internet Component Suite) HTTP client, which benign software may also send.
# The three body matches are what make the rule specific; confirm against local
# traffic before using it in a blocking policy.
# NOTE(review): metadata updated_at equals created_at (2011_07_05) although this
# is rev 6. The dates were presumably backfilled, so do not read them as the
# date of this revision.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Trojan-Banker.Win32.Agent Checkin"; flow:established,to_server; content:"POST"; nocase; http_method; content:"User-Agent|3A| Mozilla/4.0 (compatible|3B| ICS)"; http_header; fast_pattern:20,20; content:"para="; http_client_body; depth:5; content:"&subject="; http_client_body; content:"&dados="; http_client_body; reference:url,www.sunbeltsecurity.com/partnerresources/cwsandbox/md5.aspx?id=1bcc87209703cf73c80f9772935e47b0; reference:url,www.threatexpert.com/report.aspx?md5=c8b3d2bc407b0260b40b7f97e504faa5; classtype:trojan-activity; sid:2013185; rev:6; metadata:created_at 2011_07_05, updated_at 2011_07_05;)

Added 2017-08-07 21:06:27 UTC


# sid 2013185, rev 5: same match logic written as "alert tcp" to $HTTP_PORTS.
# Detection depends on the HTTP buffers (http_method, http_header,
# http_client_body) and only covers destination ports listed in $HTTP_PORTS;
# a check-in sent to any other port is not inspected by this revision.
# Adds "nocase" to the POST method match, which the rev 4 entry on this page lacks.
# fast_pattern:20,20 is written before http_header here; both keywords modify
# the preceding User-Agent content, and the prefilter substring is
# "4.0 (compatible; ICS" (20 bytes at offset 20).
# "para=" must be the first 5 bytes of the request body (depth:5); "&subject="
# and "&dados=" may appear anywhere in the body.
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN Trojan-Banker.Win32.Agent Checkin"; flow:established,to_server; content:"POST"; nocase; http_method; content:"User-Agent|3A| Mozilla/4.0 (compatible|3B| ICS)"; fast_pattern:20,20; http_header; content:"para="; http_client_body; depth:5; content:"&subject="; http_client_body; content:"&dados="; http_client_body; reference:url,www.sunbeltsecurity.com/partnerresources/cwsandbox/md5.aspx?id=1bcc87209703cf73c80f9772935e47b0; reference:url,www.threatexpert.com/report.aspx?md5=c8b3d2bc407b0260b40b7f97e504faa5; classtype:trojan-activity; sid:2013185; rev:5;)

Added 2012-03-20 17:59:13 UTC


# sid 2013185, rev 4: first revision on this page to carry fast_pattern:20,20.
# It restricts the prefilter pattern to the 20 bytes at offset 20 of the
# User-Agent content, "4.0 (compatible; ICS".
# The POST method match has no "nocase" in this revision, so it is case-sensitive.
# Scope is "alert tcp" to $HTTP_PORTS: traffic to ports outside that variable is
# not matched.
# "para=" must be the first 5 bytes of the request body (depth:5); "&subject="
# and "&dados=" may appear anywhere in the body.
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN Trojan-Banker.Win32.Agent Checkin"; flow:established,to_server; content:"POST"; http_method; content:"User-Agent|3A| Mozilla/4.0 (compatible|3B| ICS)"; fast_pattern:20,20; http_header; content:"para="; http_client_body; depth:5; content:"&subject="; http_client_body; content:"&dados="; http_client_body; reference:url,www.sunbeltsecurity.com/partnerresources/cwsandbox/md5.aspx?id=1bcc87209703cf73c80f9772935e47b0; reference:url,www.threatexpert.com/report.aspx?md5=c8b3d2bc407b0260b40b7f97e504faa5; classtype:trojan-activity; sid:2013185; rev:4;)

Added 2011-12-19 18:45:38 UTC


# sid 2013185, rev 3 (entry added 2011-10-12): no fast_pattern keyword, so the
# engine chooses the prefilter pattern itself.
# Match logic: POST method, "User-Agent: Mozilla/4.0 (compatible; ICS)" in the
# headers, request body starting with "para=" (depth:5) and also containing
# "&subject=" and "&dados=".
# The other entry on this page with rev:3 has the same options; here classtype
# follows the two reference keywords instead of preceding them. The rev number
# was not incremented for that reordering.
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN Trojan-Banker.Win32.Agent Checkin"; flow:established,to_server; content:"POST"; http_method; content:"User-Agent|3A| Mozilla/4.0 (compatible|3B| ICS)"; http_header; content:"para="; http_client_body; depth:5; content:"&subject="; http_client_body; content:"&dados="; http_client_body; reference:url,www.sunbeltsecurity.com/partnerresources/cwsandbox/md5.aspx?id=1bcc87209703cf73c80f9772935e47b0; reference:url,www.threatexpert.com/report.aspx?md5=c8b3d2bc407b0260b40b7f97e504faa5; classtype:trojan-activity; sid:2013185; rev:3;)

Added 2011-10-12 19:36:18 UTC


# sid 2013185, rev 3 (entry added 2011-07-05, the earliest on this page).
# Alerts on an established client-to-server flow to $HTTP_PORTS when the request
# is a POST, the headers contain "User-Agent: Mozilla/4.0 (compatible; ICS)",
# the body starts with "para=" (depth:5), and the body also contains "&subject="
# and "&dados=". The last two are unanchored, so any position or order matches.
# classtype precedes the reference keywords in this entry; metadata-style
# options such as classtype and reference do not affect matching.
# The two reference URLs embed the MD5 values of the sandbox reports the rule
# cites.
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN Trojan-Banker.Win32.Agent Checkin"; flow:established,to_server; content:"POST"; http_method; content:"User-Agent|3A| Mozilla/4.0 (compatible|3B| ICS)"; http_header; content:"para="; http_client_body; depth:5; content:"&subject="; http_client_body; content:"&dados="; http_client_body; classtype:trojan-activity; reference:url,www.sunbeltsecurity.com/partnerresources/cwsandbox/md5.aspx?id=1bcc87209703cf73c80f9772935e47b0; reference:url,www.threatexpert.com/report.aspx?md5=c8b3d2bc407b0260b40b7f97e504faa5; sid:2013185; rev:3;)

Added 2011-07-05 19:18:37 UTC

