# sid 2018421, rev 4 (metadata updated_at 2020_11_16).
# Request-side signature: alerts on established client-to-server HTTP traffic
# from $HOME_NET to $EXTERNAL_NET, on any port ("alert http ... any").
# All of the following must match:
#   1. ".exe" somewhere in the URI (http_uri). This is also the fast_pattern,
#      i.e. the prefilter. It is short and common, so the specificity of the
#      rule comes from the header checks below, not from this match.
#   2. http_header begins with "Accept: */*\r\nAccept-Language: ". The pattern is
#      30 bytes long and depth:30 limits the search to the first 30 bytes, so it
#      is effectively anchored to the start of the header buffer.
#   3. After that (distance:0), still in http_header, the fixed string
#      "\r\nUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)\r\nHost: ".
#      The ";" directly before ")" is part of the pattern, and Host must be the
#      header that immediately follows User-Agent.
#   4. "Cache-Control: no-cache\r\n".
#      NOTE(review): as printed here, no buffer modifier follows this content
#      before the http_header_names sticky buffer begins, so it appears not to
#      be bound to http_header. Confirm against the distributed rule file.
#   5. In http_header_names, the name list ends with User-Agent, Host,
#      Cache-Control in that order; isdataat:!1,relative asserts that no data
#      follows the match, so no further header names may come after these three.
# Triage: only the shape of the request is inspected (header order plus one
# fixed User-Agent). The rule says nothing about what the server returned, so
# confirm a hit from the response and from host-side evidence.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Zbot downloader Installing Zeus"; flow:to_server,established; content:".exe"; http_uri; fast_pattern; content:"Accept|3a 20|*/*|0d 0a|Accept-Language|3a 20|"; depth:30; http_header; content:"|0d 0a|User-Agent|3a 20|Mozilla/4.0 (compatible|3b 20|MSIE 7.0|3b 20|Windows NT 6.0|3b 29 0d 0a|Host|3a 20|"; distance:0; http_header; content:"Cache-Control|3a 20|no-cache|0d 0a|"; http_header_names; content:"|0d 0a|User-Agent|0d 0a|Host|0d 0a|Cache-Control|0d 0a 0d 0a|"; isdataat:!1,relative; classtype:trojan-activity; sid:2018421; rev:4; metadata:created_at 2014_04_24, updated_at 2020_11_16;)

Added 2020-11-16 19:08:24 UTC


# sid 2018421, rev 4 (metadata updated_at 2020_04_06).
# Matches an outbound HTTP request ($HOME_NET -> $EXTERNAL_NET, to_server,
# established, any port) with this exact shape:
#   - URI contains ".exe" (http_uri; used as the fast_pattern prefilter).
#   - http_header starts with "Accept: */*\r\nAccept-Language: " (30-byte pattern
#     with depth:30, so it must sit at offset 0 of the buffer).
#   - Later in http_header (distance:0): User-Agent is exactly
#     "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)", followed directly by
#     the Host header.
#   - "Cache-Control: no-cache\r\n" is present.
#     NOTE(review): this content has no http_header modifier after it as printed;
#     verify which buffer it is evaluated against in the shipped rule.
#   - http_header_names ends with "\r\nUser-Agent\r\nHost\r\nCache-Control\r\n\r\n";
#     isdataat:!1,relative requires that nothing follows, so these are the last
#     three header names, in this order.
# No response or payload content is examined; treat an alert as a lead to be
# confirmed, not as proof of infection.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Zbot downloader Installing Zeus"; flow:to_server,established; content:".exe"; http_uri; fast_pattern; content:"Accept|3a 20|*/*|0d 0a|Accept-Language|3a 20|"; depth:30; http_header; content:"|0d 0a|User-Agent|3a 20|Mozilla/4.0 (compatible|3b 20|MSIE 7.0|3b 20|Windows NT 6.0|3b 29 0d 0a|Host|3a 20|"; distance:0; http_header; content:"Cache-Control|3a 20|no-cache|0d 0a|"; http_header_names; content:"|0d 0a|User-Agent|0d 0a|Host|0d 0a|Cache-Control|0d 0a 0d 0a|"; isdataat:!1,relative; classtype:trojan-activity; sid:2018421; rev:4; metadata:created_at 2014_04_24, updated_at 2020_04_06;)

Added 2020-04-06 19:16:54 UTC


# sid 2018421, rev 2 (metadata updated_at 2019_10_07).
# Request-side signature for established client-to-server HTTP traffic from
# $HOME_NET to $EXTERNAL_NET on any port. Conditions:
#   1. ".exe" in the URI (http_uri), declared fast_pattern:only.
#   2. http_header starts with "Accept: */*\r\nAccept-Language: " (30-byte pattern,
#      depth:30, so it is anchored to the start of the buffer).
#   3. After it (distance:0) in http_header: the fixed User-Agent
#      "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)" followed directly by
#      "Host: ". "|3b| " is a semicolon byte plus a literal space.
#   4. pcre with the H flag (header buffer): a User-Agent line, then a Host
#      line, then "Cache-Control: no-cache", then the blank line, anchored with
#      "$". This makes Cache-Control: no-cache the final header of the request.
# The pcre is the only check on header order after User-Agent. The [^\r]*
# parts accept any header value, so the fixed User-Agent is enforced by the
# content match in step 3, not by the regex.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Zbot downloader Installing Zeus"; flow:to_server,established; content:".exe"; http_uri; fast_pattern:only; content:"Accept|3a 20|*/*|0d 0a|Accept-Language|3a 20|"; depth:30; http_header; content:"|0d 0a|User-Agent|3a 20|Mozilla/4.0 (compatible|3b| MSIE 7.0|3b| Windows NT 6.0|3b 29 0d 0a|Host|3a| "; distance:0; http_header; pcre:"/User-Agent: [^\r]*\r\nHost: [^\r]*\r\nCache-Control: no-cache\r\n\r\n$/H"; classtype:trojan-activity; sid:2018421; rev:2; metadata:created_at 2014_04_24, updated_at 2019_10_07;)

Added 2019-10-07 19:58:44 UTC


# sid 2018421, rev 2 (metadata created_at and updated_at both 2014_04_24).
# Alerts on an outbound HTTP request (to_server, established, any port) that:
#   - has ".exe" in the URI (http_uri; fast_pattern:only);
#   - has a header block starting with "Accept: */*\r\nAccept-Language: "
#     (depth:30 equals the pattern length, so the match is at offset 0);
#   - then contains (distance:0) the fixed User-Agent
#     "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)" immediately followed
#     by the Host header;
#   - ends, per the /H pcre anchored with "$", with the header sequence
#     User-Agent, Host, Cache-Control: no-cache and the terminating blank line.
# Detection rests on request headers only; nothing in the rule inspects the
# server's reply.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Zbot downloader Installing Zeus"; flow:to_server,established; content:".exe"; http_uri; fast_pattern:only; content:"Accept|3a 20|*/*|0d 0a|Accept-Language|3a 20|"; depth:30; http_header; content:"|0d 0a|User-Agent|3a 20|Mozilla/4.0 (compatible|3b| MSIE 7.0|3b| Windows NT 6.0|3b 29 0d 0a|Host|3a| "; distance:0; http_header; pcre:"/User-Agent: [^\r]*\r\nHost: [^\r]*\r\nCache-Control: no-cache\r\n\r\n$/H"; classtype:trojan-activity; sid:2018421; rev:2; metadata:created_at 2014_04_24, updated_at 2014_04_24;)

Added 2018-09-13 19:48:43 UTC


Added 2018-09-13 17:58:38 UTC


# sid 2018421, rev 2 (metadata created_at and updated_at both 2014_04_24).
# Uses the "http" protocol keyword with "any" ports, so the match is not tied
# to a port list. Required request shape:
#   - ".exe" in http_uri (fast_pattern:only);
#   - http_header begins with "Accept: */*\r\nAccept-Language: " (depth:30);
#   - followed (distance:0) by "\r\nUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0;
#     Windows NT 6.0;)\r\nHost: ", with the trailing ";" before ")" as part of the
#     pattern;
#   - pcre /.../H: User-Agent, Host and "Cache-Control: no-cache" are the last
#     three header lines, with nothing after the blank line ("$").
# classtype is trojan-activity. The rule sets no flowbits and no threshold, so
# each matching request produces its own alert.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Zbot downloader Installing Zeus"; flow:to_server,established; content:".exe"; http_uri; fast_pattern:only; content:"Accept|3a 20|*/*|0d 0a|Accept-Language|3a 20|"; depth:30; http_header; content:"|0d 0a|User-Agent|3a 20|Mozilla/4.0 (compatible|3b| MSIE 7.0|3b| Windows NT 6.0|3b 29 0d 0a|Host|3a| "; distance:0; http_header; pcre:"/User-Agent: [^\r]*\r\nHost: [^\r]*\r\nCache-Control: no-cache\r\n\r\n$/H"; classtype:trojan-activity; sid:2018421; rev:2; metadata:created_at 2014_04_24, updated_at 2014_04_24;)

Added 2017-08-07 21:12:30 UTC


# sid 2018421, rev 1 (no metadata keyword in this revision).
# Written against "tcp" with destination $HTTP_PORTS rather than the "http"
# protocol keyword. In this form only connections to ports listed in
# $HTTP_PORTS are candidates, so the same request sent to a port outside that
# variable would not be evaluated.
# Match conditions (client-to-server, established):
#   - ".exe" in http_uri (fast_pattern:only);
#   - http_header starts with "Accept: */*\r\nAccept-Language: " (30 bytes,
#     depth:30);
#   - then (distance:0) "\r\nUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0;
#     Windows NT 6.0;)\r\nHost: ";
#   - pcre with the H flag, anchored with "$": the headers end with
#     User-Agent, Host, "Cache-Control: no-cache" and the blank line.
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN Zbot downloader Installing Zeus"; flow:to_server,established; content:".exe"; http_uri; fast_pattern:only; content:"Accept|3a 20|*/*|0d 0a|Accept-Language|3a 20|"; depth:30; http_header; content:"|0d 0a|User-Agent|3a 20|Mozilla/4.0 (compatible|3b| MSIE 7.0|3b| Windows NT 6.0|3b 29 0d 0a|Host|3a| "; distance:0; http_header; pcre:"/User-Agent: [^\r]*\r\nHost: [^\r]*\r\nCache-Control: no-cache\r\n\r\n$/H"; classtype:trojan-activity; sid:2018421; rev:1;)

Added 2014-04-24 18:35:44 UTC

