alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Zberp receiving config via image file - SET"; flow:to_server,established; content:".jpg"; http_uri; fast_pattern; content:!"Referer|3a|"; http_header; pcre:"/\.jpg$/U"; flowbits:set,ET.Zberp; flowbits:noalert; reference:md5,1e1f44f8a403c4ebc6943eb2dcf731ff; reference:url,securityintelligence.com/new-zberp-trojan-discovered-zeus-zbot-carberp/#.U5Xgpyh4l8u; reference:url,blog.malwarebytes.org/security-threat/2014/02/hiding-in-plain-sight-a-story-about-a-sneaky-banking-trojan/; classtype:trojan-activity; sid:2021381; rev:7; metadata:created_at 2015_07_06, updated_at 2015_07_06;)

Added 2018-09-13 19:51:25 UTC

Notable and recurrent detection with Netflix from a Samsung SmartTV? : DST : 45.57.21.138 45.57.21.131 92.122.122.147 45.57.21.142 45.57.21.138 45.57.21.140 45.57.21.139

-- JorisLambrecht - 2018-11-01


Added 2018-09-13 18:00:13 UTC


alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Zberp receiving config via image file - SET"; flow:to_server,established; content:".jpg"; http_uri; fast_pattern; content:!"Referer|3a|"; http_header; pcre:"/\.jpg$/U"; flowbits:set,ET.Zberp; flowbits:noalert; reference:md5,1e1f44f8a403c4ebc6943eb2dcf731ff; reference:url,securityintelligence.com/new-zberp-trojan-discovered-zeus-zbot-carberp/#.U5Xgpyh4l8u; reference:url,blog.malwarebytes.org/security-threat/2014/02/hiding-in-plain-sight-a-story-about-a-sneaky-banking-trojan/; classtype:trojan-activity; sid:2021381; rev:7; metadata:created_at 2015_07_06, updated_at 2015_07_06;)

Added 2017-08-07 21:16:05 UTC


alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Zberp receiving config via image file - SET"; flow:to_server,established; content:".jpg"; http_uri; fast_pattern; content:!"Referer|3a|"; http_header; pcre:"/\.jpg$/U"; flowbits:set,ET.Zberp; flowbits:noalert; reference:md5,1e1f44f8a403c4ebc6943eb2dcf731ff; reference:url,securityintelligence.com/new-zberp-trojan-discovered-zeus-zbot-carberp/#.U5Xgpyh4l8u; reference:url,blog.malwarebytes.org/security-threat/2014/02/hiding-in-plain-sight-a-story-about-a-sneaky-banking-trojan/; classtype:trojan-activity; sid:2021381; rev:7;)

Added 2015-07-06 18:49:04 UTC


Topic revision: r2 - 2018-11-01 - JorisLambrecht
 
This site is powered by the TWiki collaboration platform Powered by Perl This site is powered by the TWiki collaboration platformCopyright © Emerging Threats