#alert tcp $EXTERNAL_NET 1433 -> $HOME_NET any (msg:"ET TROJAN MSIL/Banker.M Downloading Binary from SQL"; flow:established,to_client; content:"|03 00|d|00|b|00|o|00 09 00|n|00|o|00|v|00|o|00|s|00|l|00|o|00|a|00|d|00 03|i|00|m|00|g"; fast_pattern:14,20; content:"This program cannot be run"; distance:0; reference:md5,54618b126c69b2f0a3309b7c0ac5ae26; reference:url,blogs.mcafee.com/mcafee-labs/brazilian-banking-malware-hides-in-sql-database/; classtype:trojan-activity; sid:2021931; rev:1; metadata:created_at 2015_10_08, updated_at 2015_10_08;)

Added 2021-09-21 20:00:22 UTC


alert tcp $EXTERNAL_NET 1433 -> $HOME_NET any (msg:"ET TROJAN MSIL/Banker.M Downloading Binary from SQL"; flow:established,to_client; content:"|03 00|d|00|b|00|o|00 09 00|n|00|o|00|v|00|o|00|s|00|l|00|o|00|a|00|d|00 03|i|00|m|00|g"; fast_pattern:14,20; content:"This program cannot be run"; distance:0; reference:md5,54618b126c69b2f0a3309b7c0ac5ae26; reference:url,blogs.mcafee.com/mcafee-labs/brazilian-banking-malware-hides-in-sql-database/; classtype:trojan-activity; sid:2021931; rev:1; metadata:created_at 2015_10_07, updated_at 2015_10_07;)

Added 2018-09-13 19:51:48 UTC


Added 2018-09-13 18:00:27 UTC


alert tcp $EXTERNAL_NET 1433 -> $HOME_NET any (msg:"ET TROJAN MSIL/Banker.M Downloading Binary from SQL"; flow:established,to_client; content:"|03 00|d|00|b|00|o|00 09 00|n|00|o|00|v|00|o|00|s|00|l|00|o|00|a|00|d|00 03|i|00|m|00|g"; fast_pattern:14,20; content:"This program cannot be run"; distance:0; reference:md5,54618b126c69b2f0a3309b7c0ac5ae26; reference:url,blogs.mcafee.com/mcafee-labs/brazilian-banking-malware-hides-in-sql-database/; classtype:trojan-activity; sid:2021931; rev:1; metadata:created_at 2015_10_07, updated_at 2015_10_07;)

Added 2017-08-07 21:16:42 UTC


alert tcp $EXTERNAL_NET 1433 -> $HOME_NET any (msg:"ET TROJAN MSIL/Banker.M Downloading Binary from SQL"; flow:established,to_client; content:"|03 00|d|00|b|00|o|00 09 00|n|00|o|00|v|00|o|00|s|00|l|00|o|00|a|00|d|00 03|i|00|m|00|g"; fast_pattern:14,20; content:"This program cannot be run"; distance:0; reference:md5,54618b126c69b2f0a3309b7c0ac5ae26; reference:url,blogs.mcafee.com/mcafee-labs/brazilian-banking-malware-hides-in-sql-database/; classtype:trojan-activity; sid:2021931; rev:1;)

Added 2015-10-07 17:58:43 UTC


Topic revision: r1 - 2021-09-22 - TWikiGuest
 
This site is powered by the TWiki collaboration platform Powered by Perl This site is powered by the TWiki collaboration platformCopyright © Emerging Threats