# sid:2013348, entry labelled rev:8 (metadata: created_at/updated_at 2011_08_03).
# Heuristic on HTTP request header order; the msg itself marks the Zeus CnC
# attribution with a question mark.
# Rule header: protocol `http`, source and destination ports `any`, so this form
# depends on app-layer HTTP detection and is not limited to $HTTP_PORTS like the
# `alert tcp` entries on this page.
# flow:to_server,established limits evaluation to client-to-server traffic on
# established sessions.
# Match chain (every header content is bound to http_header):
#   1. "GET" in http_method, nocase.
#   2. "Accept: */*\r\nIf-None-Match: " is 28 bytes long and has depth:28, so it
#      must start at offset 0 of the header buffer; it is also the fast_pattern.
#   3. "Cache-Control: no-cache\r\nUser-Agent: Mozilla" anywhere after (2)
#      (distance:0 with no `within`, so ordered but not adjacent).
#   4. "Connection: Close\r\n\r\n" anywhere after (3), i.e. Connection is expected
#      to be the final header.
# Only "GET" carries nocase; the header contents are case-sensitive as written
# (e.g. "Close" with a capital C).
# NOTE(review): whether the terminating blank line is present in http_header is
# engine/version dependent — verify content (4) can match on the deployed sensor.
# NOTE(review): nothing here pins host, URI or body, so any client sending this
# header order will alert; triage with destination reputation and request
# periodicity before treating a hit as confirmed.
# NOTE(review): this entry says rev:8 but was added in 2017, after the rev:9 and
# rev:10 `alert tcp` entries dated 2012 — presumably a separate ruleset branch;
# confirm before ordering revisions by number.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Zeus Bot Request to CnC? 2"; flow:to_server,established; content:"GET"; nocase; http_method; content:"Accept|3a| */*|0d 0a|If-None-Match|3a| "; fast_pattern; depth:28; http_header; content:"Cache-Control|3a| no-cache|0d 0a|User-Agent|3a| Mozilla"; distance:0; http_header; content:"Connection|3a| Close|0d 0a 0d 0a|"; distance:0; http_header; classtype:trojan-activity; sid:2013348; rev:8; metadata:created_at 2011_08_03, updated_at 2011_08_03;)

Added 2017-08-07 21:06:38 UTC


# sid:2013348 rev:10, `alert tcp` form.
# Rule header: destination port must be in $HTTP_PORTS, so a request to a port
# outside that variable is not inspected by this form.
# Relative to the rev:9 entry on this page, this revision adds
# flow:to_server,established (client-to-server traffic on established sessions).
# Match chain (header contents bound to http_header, in order):
#   1. "GET" in http_method, nocase.
#   2. "Accept: */*\r\nIf-None-Match: " — 28 bytes with depth:28, so anchored at
#      offset 0 of the header buffer; also the fast_pattern.
#   3. "Cache-Control: no-cache\r\nUser-Agent: Mozilla" after (2), distance:0.
#   4. "Connection: Close\r\n\r\n" after (3), distance:0.
# Header contents have no nocase and are case-sensitive as written.
# NOTE(review): the msg carries a question mark and the rule keys only on header
# order; corroborate hits with destination and beaconing context.
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN Zeus Bot Request to CnC? 2"; flow:to_server,established; content:"GET"; nocase; http_method; content:"Accept|3a| */*|0d 0a|If-None-Match|3a| "; fast_pattern; depth:28; http_header; content:"Cache-Control|3a| no-cache|0d 0a|User-Agent|3a| Mozilla"; distance:0; http_header; content:"Connection|3a| Close|0d 0a 0d 0a|"; distance:0; http_header; classtype:trojan-activity; sid:2013348; rev:10;)

Added 2012-04-02 21:11:34 UTC


# sid:2013348 rev:9, `alert tcp` form limited to destination $HTTP_PORTS.
# Relative to the `alert tcp` rev:8 entry on this page, this revision adds nocase
# to the "GET" http_method match.
# There is no flow keyword in this revision, so direction and session state are
# constrained only by the rule header ($HOME_NET -> $EXTERNAL_NET).
# Header match chain (all http_header, ordered by distance:0):
#   "Accept: */*\r\nIf-None-Match: " (28 bytes, depth:28, fast_pattern) ->
#   "Cache-Control: no-cache\r\nUser-Agent: Mozilla" ->
#   "Connection: Close\r\n\r\n".
# Header contents have no nocase and are case-sensitive as written.
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN Zeus Bot Request to CnC? 2"; content:"GET"; nocase; http_method; content:"Accept|3a| */*|0d 0a|If-None-Match|3a| "; fast_pattern; depth:28; http_header; content:"Cache-Control|3a| no-cache|0d 0a|User-Agent|3a| Mozilla"; distance:0; http_header; content:"Connection|3a| Close|0d 0a 0d 0a|"; distance:0; http_header; classtype:trojan-activity; sid:2013348; rev:9;)

Added 2012-03-20 17:59:14 UTC


# sid:2013348 rev:8, `alert tcp` form limited to destination $HTTP_PORTS; the
# earliest-dated entry on this page (added 2011-10-12).
# "GET" is matched in http_method without nocase, and there is no flow keyword.
# Header match chain (all http_header, ordered by distance:0):
#   "Accept: */*\r\nIf-None-Match: " (28 bytes, depth:28, so anchored at the start
#   of the header buffer; also the fast_pattern) ->
#   "Cache-Control: no-cache\r\nUser-Agent: Mozilla" ->
#   "Connection: Close\r\n\r\n".
# NOTE(review): the `alert http` entry on this page is also labelled rev:8 but has
# different options (flow, nocase, metadata); identify the ruleset branch before
# treating the two as the same revision.
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN Zeus Bot Request to CnC? 2"; content:"GET"; http_method; content:"Accept|3a| */*|0d 0a|If-None-Match|3a| "; fast_pattern; depth:28; http_header; content:"Cache-Control|3a| no-cache|0d 0a|User-Agent|3a| Mozilla"; distance:0; http_header; content:"Connection|3a| Close|0d 0a 0d 0a|"; distance:0; http_header; classtype:trojan-activity; sid:2013348; rev:8;)

Added 2011-10-12 19:36:39 UTC

