#alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET DELETED Executable served from Amazon S3"; flow:established,to_client; content:"Server|3A| AmazonS3?"; content:"MZ"; isdataat:80,relative; content:"PE"; distance:0; reference:url,blog.trendmicro.com/cybercriminals-using-amazon-web-services-aws-to-host-malware/; reference:url,www.securelist.com/en/blog/208188099/Financial_data_stealing_Malware_now_on_Amazon_Web_Services_Cloud; classtype:bad-unknown; sid:2013437; rev:5; metadata:created_at 2011_08_19, updated_at 2011_08_19;)

Added 2017-08-07 21:06:44 UTC


#alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"ET DELETED Executable served from Amazon S3"; flow:established,to_client; content:"Server|3A| AmazonS3?"; http_header; file_data; content:"MZ"; distance:0; isdataat:80,relative; content:"PE"; distance:0; reference:url,blog.trendmicro.com/cybercriminals-using-amazon-web-services-aws-to-host-malware/; reference:url,www.securelist.com/en/blog/208188099/Financial_data_stealing_Malware_now_on_Amazon_Web_Services_Cloud; classtype:bad-unknown; sid:2013437; rev:1;)

Added 2012-03-07 18:45:04 UTC


alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"ET POLICY Executable served from Amazon S3"; flow:established,to_client; content:"Server|3A| AmazonS3?"; http_header; file_data; content:"MZ"; distance:0; isdataat:80,relative; content:"PE"; distance:0; reference:url,blog.trendmicro.com/cybercriminals-using-amazon-web-services-aws-to-host-malware/; reference:url,www.securelist.com/en/blog/208188099/Financial_data_stealing_Malware_now_on_Amazon_Web_Services_Cloud; classtype:bad-unknown; sid:2013437; rev:1;)

Added 2011-10-12 19:36:51 UTC


alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"ET POLICY Executable served from Amazon S3"; flow:established,to_client; content:"Server|3A| AmazonS3?"; http_header; file_data; content:"MZ"; distance:0; isdataat:80,relative; content:"PE"; distance:0; classtype:bad-unknown; reference:url,blog.trendmicro.com/cybercriminals-using-amazon-web-services-aws-to-host-malware/; reference:url,www.securelist.com/en/blog/208188099/Financial_data_stealing_Malware_now_on_Amazon_Web_Services_Cloud; sid:2013437; rev:1;)

Added 2011-08-20 07:22:18 UTC


alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"ET POLICY Executable served from Amazon S3"; flow:established,to_client; content:"Server|3A| AmazonS3?"; http_header; file_data; content:"MZ"; distance:0; isdataat:80,relative; content:"PE"; distance:0; classtype:bad-unknown; reference:url,blog.trendmicro.com/cybercriminals-using-amazon-web-services-aws-to-host-malware/; reference:url,www.securelist.com/en/blog/208188099/Financial_data_stealing_Malware_now_on_Amazon_Web_Services_Cloud; sid:2013437; rev:1;)

Added 2011-08-19 16:53:15 UTC


Topic revision: r1 - 2017-08-08 - TWikiGuest
 
This site is powered by the TWiki collaboration platform Powered by Perl This site is powered by the TWiki collaboration platformCopyright © Emerging Threats