alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Urlzone/Bebloh/Bublik Checkin /was/uid.php"; flow:established,to_server; content:"POST"; http_method; content:"/was/uid.php"; fast_pattern; http_uri; reference:md5,3ccc73f049a1de731baf7ea8915c92a8; reference:md5,91ce41376a5b33059744cb58758213bb; reference:url,www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Trojan%3aWin32%2fBublik.B; reference:md5,21880326089f2eab466128974fc70d24; classtype:trojan-activity; sid:2015623; rev:3; metadata:created_at 2012_08_14, former_category MALWARE, malware_family URLZone, tag Banking_Trojan, updated_at 2020_09_17;)

Added 2021-09-21 19:58:07 UTC


alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Urlzone/Bebloh/Bublik Checkin /was/uid.php"; flow:established,to_server; content:"POST"; http_method; content:"/was/uid.php"; fast_pattern; http_uri; reference:md5,3ccc73f049a1de731baf7ea8915c92a8; reference:md5,91ce41376a5b33059744cb58758213bb; reference:url,www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Trojan%3aWin32%2fBublik.B; reference:md5,21880326089f2eab466128974fc70d24; classtype:trojan-activity; sid:2015623; rev:3; metadata:created_at 2012_08_13, former_category MALWARE, malware_family URLZone, tag Banking_Trojan, updated_at 2020_09_17;)

Added 2021-09-13 18:07:04 UTC


alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Urlzone/Bebloh/Bublik Checkin /was/uid.php"; flow:established,to_server; content:"POST"; http_method; content:"/was/uid.php"; fast_pattern; http_uri; reference:url,www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Trojan%3aWin32%2fBublik.B; reference:url,www.threatexpert.com/report.aspx?md5=3ccc73f049a1de731baf7ea8915c92a8; reference:url,www.threatexpert.com/report.aspx?md5=91ce41376a5b33059744cb58758213bb; reference:url,www.threatexpert.com/report.aspx?md5=21880326089f2eab466128974fc70d24; classtype:trojan-activity; sid:2015623; rev:3; metadata:created_at 2012_08_13, former_category MALWARE, malware_family URLZone, tag Banking_Trojan, updated_at 2020_09_17;)

Added 2020-09-17 18:28:50 UTC


alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Urlzone/Bebloh/Bublik Checkin /was/uid.php"; flow:established,to_server; content:"POST"; http_method; content:"/was/uid.php"; fast_pattern; http_uri; reference:url,www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Trojan%3aWin32%2fBublik.B; reference:url,www.threatexpert.com/report.aspx?md5=3ccc73f049a1de731baf7ea8915c92a8; reference:url,www.threatexpert.com/report.aspx?md5=91ce41376a5b33059744cb58758213bb; reference:url,www.threatexpert.com/report.aspx?md5=21880326089f2eab466128974fc70d24; classtype:trojan-activity; sid:2015623; rev:3; metadata:created_at 2012_08_13, former_category MALWARE, malware_family URLZone, tag Banking_Trojan, updated_at 2019_10_07;)

Added 2020-08-05 19:08:27 UTC


alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Urlzone/Bebloh/Bublik Checkin /was/uid.php"; flow:established,to_server; content:"POST"; http_method; content:"/was/uid.php"; fast_pattern:only; http_uri; metadata: former_category MALWARE; reference:url,www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Trojan%3aWin32%2fBublik.B; reference:url,www.threatexpert.com/report.aspx?md5=3ccc73f049a1de731baf7ea8915c92a8; reference:url,www.threatexpert.com/report.aspx?md5=91ce41376a5b33059744cb58758213bb; reference:url,www.threatexpert.com/report.aspx?md5=21880326089f2eab466128974fc70d24; classtype:trojan-activity; sid:2015623; rev:2; metadata:tag Banking_Trojan, created_at 2012_08_13, malware_family URLZone, updated_at 2019_10_07;)

Added 2019-10-07 19:58:25 UTC


alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Urlzone/Bebloh/Bublik Checkin /was/uid.php"; flow:established,to_server; content:"POST"; http_method; content:"/was/uid.php"; fast_pattern:only; http_uri; metadata: former_category MALWARE; reference:url,www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Trojan%3aWin32%2fBublik.B; reference:url,www.threatexpert.com/report.aspx?md5=3ccc73f049a1de731baf7ea8915c92a8; reference:url,www.threatexpert.com/report.aspx?md5=91ce41376a5b33059744cb58758213bb; reference:url,www.threatexpert.com/report.aspx?md5=21880326089f2eab466128974fc70d24; classtype:trojan-activity; sid:2015623; rev:2; metadata:tag Banking_Trojan, created_at 2012_08_13, malware_family URLZone, updated_at 2018_04_23;)

Added 2019-09-26 19:57:11 UTC


alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Urlzone/Bebloh/Bublik Checkin /was/uid.php"; flow:established,to_server; content:"POST"; http_method; content:"/was/uid.php"; fast_pattern:only; http_uri; metadata: former_category TROJAN; reference:url,www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Trojan%3aWin32%2fBublik.B; reference:url,www.threatexpert.com/report.aspx?md5=3ccc73f049a1de731baf7ea8915c92a8; reference:url,www.threatexpert.com/report.aspx?md5=91ce41376a5b33059744cb58758213bb; reference:url,www.threatexpert.com/report.aspx?md5=21880326089f2eab466128974fc70d24; classtype:trojan-activity; sid:2015623; rev:2; metadata:tag Banking_Trojan, created_at 2012_08_13, malware_family URLZone, updated_at 2018_04_23;)

Added 2018-04-24 17:14:16 UTC


alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Urlzone/Bebloh/Bublik Checkin /was/uid.php"; flow:established,to_server; content:"POST"; http_method; content:"/was/uid.php"; fast_pattern:only; http_uri; reference:url,www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Trojan%3aWin32%2fBublik.B; reference:url,www.threatexpert.com/report.aspx?md5=3ccc73f049a1de731baf7ea8915c92a8; reference:url,www.threatexpert.com/report.aspx?md5=91ce41376a5b33059744cb58758213bb; reference:url,www.threatexpert.com/report.aspx?md5=21880326089f2eab466128974fc70d24; classtype:trojan-activity; sid:2015623; rev:2; metadata:created_at 2012_08_13, updated_at 2012_08_13;)

Added 2017-08-07 21:09:14 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN Urlzone/Bebloh/Bublik Checkin /was/uid.php"; flow:established,to_server; content:"POST"; http_method; content:"/was/uid.php"; fast_pattern:only; http_uri; reference:url,www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Trojan%3aWin32%2fBublik.B; reference:url,www.threatexpert.com/report.aspx?md5=3ccc73f049a1de731baf7ea8915c92a8; reference:url,www.threatexpert.com/report.aspx?md5=91ce41376a5b33059744cb58758213bb; reference:url,www.threatexpert.com/report.aspx?md5=21880326089f2eab466128974fc70d24; classtype:trojan-activity; sid:2015623; rev:1;)

Added 2012-08-15 00:05:25 UTC


Topic revision: r1 - 2021-09-21 - TWikiGuest
 
This site is powered by the TWiki collaboration platform Powered by Perl This site is powered by the TWiki collaboration platformCopyright © Emerging Threats