alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Win32/Spy.Banker.AAXV Retrieving key from Pinterest"; flow:established,to_server; content:"GET"; http_method; content:"/pin/"; depth:5; http_uri; content:"Internet Explorer 6.0"; http_user_agent; fast_pattern; depth:21; isdataat:!1,relative;content:!"Accept"; http_header; content:!"Connection|3a|"; http_header; content:!"Referer|3a|"; http_header; reference:md5,f25a8e3f5265a57269590b84a506b672; reference:url,blog.trendmicro.com/trendlabs-security-intelligence/malware-campaign-targets-south-korean-banks-uses-pinterest-as-cc-channel/; classtype:trojan-activity; sid:2019961; rev:4; metadata:created_at 2014_12_17, updated_at 2019_10_15;)

Added 2019-10-15 19:25:33 UTC


alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Win32/Spy.Banker.AAXV Retrieving key from Pinterest"; flow:established,to_server; content:"GET"; http_method; content:"/pin/"; depth:5; http_uri; content:"User-Agent|3a 20|Internet Explorer 6.0|0d 0a|"; http_header; fast_pattern:15,20; content:!"Accept"; http_header; content:!"Connection|3a|"; http_header; content:!"Referer|3a|"; http_header; reference:md5,f25a8e3f5265a57269590b84a506b672; reference:url,blog.trendmicro.com/trendlabs-security-intelligence/malware-campaign-targets-south-korean-banks-uses-pinterest-as-cc-channel/; classtype:trojan-activity; sid:2019961; rev:3; metadata:created_at 2014_12_17, updated_at 2014_12_17;)

Added 2018-09-13 19:50:06 UTC


Added 2018-09-13 17:59:27 UTC


alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Win32/Spy.Banker.AAXV Retrieving key from Pinterest"; flow:established,to_server; content:"GET"; http_method; content:"/pin/"; depth:5; http_uri; content:"User-Agent|3a 20|Internet Explorer 6.0|0d 0a|"; http_header; fast_pattern:15,20; content:!"Accept"; http_header; content:!"Connection|3a|"; http_header; content:!"Referer|3a|"; http_header; reference:md5,f25a8e3f5265a57269590b84a506b672; reference:url,blog.trendmicro.com/trendlabs-security-intelligence/malware-campaign-targets-south-korean-banks-uses-pinterest-as-cc-channel/; classtype:trojan-activity; sid:2019961; rev:3; metadata:created_at 2014_12_17, updated_at 2014_12_17;)

Added 2017-08-07 21:14:20 UTC


alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Win32/Spy.Banker.AAXV Retrieving key from Pinterest"; flow:established,to_server; content:"GET"; http_method; content:"/pin/"; depth:5; http_uri; content:"User-Agent|3a 20|Internet Explorer 6.0|0d 0a|"; http_header; fast_pattern:15,20; content:!"Accept"; http_header; content:!"Connection|3a|"; http_header; content:!"Referer|3a|"; http_header; reference:md5,f25a8e3f5265a57269590b84a506b672; reference:url,blog.trendmicro.com/trendlabs-security-intelligence/malware-campaign-targets-south-korean-banks-uses-pinterest-as-cc-channel/; classtype:trojan-activity; sid:2019961; rev:3;)

Added 2014-12-17 18:44:49 UTC


Topic revision: r1 - 2019-10-15 - TWikiGuest
 
This site is powered by the TWiki collaboration platform Powered by Perl This site is powered by the TWiki collaboration platformCopyright © Emerging Threats