# sid:2016173 rev:9
# Purpose: flag an outbound HTTP POST to a URI containing "/gate.php" whose request
# body begins with binary-looking data and which carries no Referer header. The msg
# text attributes this pattern to a likely Zeus derivative.
#   flow:established,to_server     - client-to-server data on an established session only.
#   content:"POST"; http_method    - request method must be POST.
#   content:"/gate.php"; http_uri  - substring match on the URI (not anchored to the path end).
#   pcre:"/.../P"                  - evaluated against the HTTP request body. Anchored at the
#                                    start: up to three arbitrary bytes ('.' without /s, so not
#                                    a newline), then runs of 1-3 bytes each in the order
#                                    high-bit (0x80-0xff), 7-bit (0x00-0x7f), high, high, 7-bit,
#                                    high, 7-bit.
#   http_header_names; content:!"Referer"
#                                  - sticky buffer holding the request header names; the negated
#                                    match requires that no header name contains "Referer".
# Triage: this is a generic heuristic (classtype:bad-unknown), not a family-specific signature.
# Corroborate an alert with destination reputation and host-side evidence before treating it as
# a confirmed infection. The rule needs visibility into the HTTP request, so traffic inside TLS
# is not covered unless it is decrypted upstream.
# NOTE(review): updated_at equals created_at although this is rev:9, so the metadata date does
# not reflect when this revision was published.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Generic -POST To gate.php w/Extended ASCII Characters (Likely Zeus Derivative)"; flow:established,to_server; content:"POST"; http_method; content:"/gate.php"; http_uri; pcre:"/^.{0,3}[\x80-\xff]{1,3}[\x00-\x7f]{1,3}[\x80-\xff]{1,3}[\x80-\xff]{1,3}[\x00-\x7f]{1,3}[\x80-\xff]{1,3}[\x00-\x7f]{1,3}/P"; http_header_names; content:!"Referer"; classtype:bad-unknown; sid:2016173; rev:9; metadata:created_at 2013_01_08, updated_at 2013_01_08;)

Added 2018-09-13 19:46:07 UTC


Added 2018-09-13 17:57:11 UTC


# sid:2016173 rev:8 (with metadata)
# Purpose: flag an outbound HTTP POST to a URI containing "/gate.php" that has no
# "Referer: " header and whose request body begins with binary-looking data.
#   flow:established,to_server         - client-to-server data on an established session only.
#   content:"POST"; http_method        - request method must be POST.
#   content:"/gate.php"; http_uri      - substring match on the URI.
#   content:!"Referer: "; http_header  - negated match on the request headers; requests that
#                                        carry a Referer header are excluded.
#   pcre:"/.../P"                      - evaluated against the HTTP request body. Anchored at the
#                                        start: up to three arbitrary bytes ('.' without /s, so
#                                        not a newline), then runs of 1-3 bytes each in the order
#                                        high-bit (0x80-0xff), 7-bit (0x00-0x7f), high, high,
#                                        7-bit, high, 7-bit.
# Triage: generic heuristic (classtype:bad-unknown); corroborate with destination reputation and
# host-side evidence. Requires cleartext visibility of the HTTP request.
# NOTE(review): updated_at equals created_at although this is rev:8, so the metadata date does
# not reflect when this revision was published.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Generic -POST To gate.php w/Extended ASCII Characters (Likely Zeus Derivative)"; flow:established,to_server; content:"POST"; http_method; content:"/gate.php"; http_uri; content:!"Referer: "; http_header; pcre:"/^.{0,3}[\x80-\xff]{1,3}[\x00-\x7f]{1,3}[\x80-\xff]{1,3}[\x80-\xff]{1,3}[\x00-\x7f]{1,3}[\x80-\xff]{1,3}[\x00-\x7f]{1,3}/P"; classtype:bad-unknown; sid:2016173; rev:8; metadata:created_at 2013_01_08, updated_at 2013_01_08;)

Added 2017-08-07 21:09:51 UTC


# sid:2016173 rev:8 (no metadata keyword)
# Purpose: flag an outbound HTTP POST to a URI containing "/gate.php" that has no
# "Referer: " header and whose request body begins with binary-looking data.
#   alert http ... any -> ... any      - matches on traffic identified as HTTP, on any port.
#   flow:established,to_server         - client-to-server data on an established session only.
#   content:"POST"; http_method        - request method must be POST.
#   content:"/gate.php"; http_uri      - substring match on the URI.
#   content:!"Referer: "; http_header  - negated match on the request headers.
#   pcre:"/.../P"                      - evaluated against the HTTP request body. Anchored at the
#                                        start: up to three arbitrary bytes, then runs of 1-3
#                                        bytes each in the order high-bit (0x80-0xff), 7-bit
#                                        (0x00-0x7f), high, high, 7-bit, high, 7-bit.
# Triage: generic heuristic (classtype:bad-unknown); an alert is a lead to investigate, not proof
# of a specific malware family.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Generic -POST To gate.php w/Extended ASCII Characters (Likely Zeus Derivative)"; flow:established,to_server; content:"POST"; http_method; content:"/gate.php"; http_uri; content:!"Referer: "; http_header; pcre:"/^.{0,3}[\x80-\xff]{1,3}[\x00-\x7f]{1,3}[\x80-\xff]{1,3}[\x80-\xff]{1,3}[\x00-\x7f]{1,3}[\x80-\xff]{1,3}[\x00-\x7f]{1,3}/P"; classtype:bad-unknown; sid:2016173; rev:8;)

Added 2015-03-27 19:40:04 UTC


# sid:2016173 rev:7
# Purpose: flag an outbound HTTP POST to a URI containing "/gate.php" that has no
# "Referer: " header and whose request body begins with binary-looking data.
#   alert tcp ... -> ... $HTTP_PORTS   - written against TCP with the destination limited to the
#                                        sensor's $HTTP_PORTS variable, so coverage depends on
#                                        how that variable is configured locally.
#   flow:established,to_server         - client-to-server data on an established session only.
#   content:"POST"; http_method        - request method must be POST.
#   content:"/gate.php"; http_uri      - substring match on the URI.
#   content:!"Referer: "; http_header  - negated match on the request headers.
#   pcre:"/.../P"                      - evaluated against the HTTP request body. Anchored at the
#                                        start: up to three arbitrary bytes, then runs of 1-3
#                                        bytes each in the order high-bit (0x80-0xff), 7-bit
#                                        (0x00-0x7f), high, high, 7-bit, high, 7-bit.
# Triage: generic heuristic (classtype:bad-unknown); the msg in this revision names no malware
# family, so attribute only after corroborating evidence.
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN Generic -POST To gate.php w/Extended ASCII Characters"; flow:established,to_server; content:"POST"; http_method; content:"/gate.php"; http_uri; content:!"Referer: "; http_header; pcre:"/^.{0,3}[\x80-\xff]{1,3}[\x00-\x7f]{1,3}[\x80-\xff]{1,3}[\x80-\xff]{1,3}[\x00-\x7f]{1,3}[\x80-\xff]{1,3}[\x00-\x7f]{1,3}/P"; classtype:bad-unknown; sid:2016173; rev:7;)

Added 2013-01-08 01:39:09 UTC

