# sid:2022609 rev:3 - heuristic for a possible Panda Banker C2 check-in. The "?" in msg marks it as
# low-confidence, so confirm an alert against endpoint evidence before treating the host as infected.
# Scope: established client-to-server HTTP from $HOME_NET to $EXTERNAL_NET, request method POST.
# URI: contains no ".php" and, normalized (/U), is one alphanumeric segment followed by three or more
#   segments of uppercase hex characters.
# Body (/P): a byte outside printable ASCII/CR/LF occurs within the first 21 bytes, i.e. the POST
#   body is not plain text.
# Headers: a User-Agent line containing "MSIE" or "rv:11" (Internet Explorer style strings);
#   http_header_names holds neither "Content-Type" nor "Referer"; the http_accept value is exactly
#   "*/*" (depth:3 plus isdataat:!1,relative leaves no room for anything after it).
# Prefilter: fast_pattern on http_start requires "P/1.1\r\nAccept: */*\r\n", so Accept must be the
#   first header after the request line. Clients that order headers differently will not match.
# NOTE(review): the md5 reference names a single sample; nothing on this page shows wider coverage.
#   A POST of binary data with an IE-style User-Agent to a hex-looking path from other software
#   could also match, so tune or suppress per environment.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Panda Banker CnC?"; flow:established,to_server; content:"POST"; http_method; content:!".php"; http_uri; pcre:"/^\/[A-Za-z0-9]+(?:\/[A-F0-9]+){3,}$/U"; pcre:"/^[\x20-\x7e\r\n]{0,20}[^\x20-\x7e\r\n]/P"; pcre:"/^User-Agent\x3a[^\r\n]+?(?:MSIE|rv\x3a11)/Hm"; http_header_names; content:!"Content-Type"; content:!"Referer"; http_accept; content:"*/*"; depth:3; isdataat:!1,relative; http_start; content:"P/1.1|0d 0a|Accept|3a 20|*/*|0d 0a|"; fast_pattern; reference:md5,17bd012f145bba62b4e58b376d8002d3; classtype:trojan-activity; sid:2022609; rev:3; metadata:created_at 2016_03_10, updated_at 2019_05_22;)

Added 2019-05-22 20:30:37 UTC


# sid:2022609 rev:3 - low-confidence ("?" in msg) match for a possible Panda Banker C2 POST.
# All of the following must hold on an established, to_server HTTP flow leaving $HOME_NET:
#   - method is POST and the URI contains no ".php";
#   - normalized URI (/U) is "/<alnum>" followed by at least three "/<uppercase hex>" segments;
#   - request body (/P) has a byte outside printable ASCII/CR/LF within its first 21 bytes;
#   - a User-Agent header line contains "MSIE" or "rv:11";
#   - the header-name list (http_header_names) has neither "Content-Type" nor "Referer";
#   - the Accept value (http_accept) is exactly "*/*" (depth:3; isdataat:!1,relative);
#   - http_start contains "P/1.1\r\nAccept: */*\r\n" (the fast_pattern), which places Accept
#     immediately after the request line.
# The sticky-buffer keywords apply to the content matches that follow them, so keyword order here is
# significant. Do not reorder options when editing.
# NOTE(review): this is a behavioural heuristic tied to one md5-referenced sample. Expect it to miss
# variants that change header order and to need triage for benign binary POSTs.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Panda Banker CnC?"; flow:established,to_server; content:"POST"; http_method; content:!".php"; http_uri; pcre:"/^\/[A-Za-z0-9]+(?:\/[A-F0-9]+){3,}$/U"; pcre:"/^[\x20-\x7e\r\n]{0,20}[^\x20-\x7e\r\n]/P"; pcre:"/^User-Agent\x3a[^\r\n]+?(?:MSIE|rv\x3a11)/Hm"; http_header_names; content:!"Content-Type"; content:!"Referer"; http_accept; content:"*/*"; depth:3; isdataat:!1,relative; http_start; content:"P/1.1|0d 0a|Accept|3a 20|*/*|0d 0a|"; fast_pattern; reference:md5,17bd012f145bba62b4e58b376d8002d3; classtype:trojan-activity; sid:2022609; rev:3; metadata:created_at 2016_03_10, updated_at 2019_05_22;)

Added 2019-05-22 19:32:46 UTC


# sid:2022609 rev:2 - heuristic for a possible Panda Banker C2 check-in. The "?" in msg marks it as
# low-confidence, so corroborate an alert before treating the host as compromised.
# Scope: established client-to-server HTTP from $HOME_NET to $EXTERNAL_NET, request method POST.
# Headers (http_header): no "Content-Type: " and no "Referer:"; "Accept: */*\r\n" must sit within the
#   first 13 bytes of the header buffer. That is the string's own length, so Accept has to be the
#   first header.
# URI: contains no ".php" and, normalized (/U), is one alphanumeric segment followed by three or more
#   segments of uppercase hex characters.
# Body (/P): a byte outside printable ASCII/CR/LF occurs within the first 21 bytes.
# User-Agent (/Hm): a header line containing "MSIE" or "rv:11" (Internet Explorer style strings).
# Prefilter: the last content has no buffer modifier and is marked fast_pattern:only. It matches the
#   tail of the request line followed directly by the Accept header, "P/1.1\r\nAccept: */*\r\n".
# NOTE(review): the detection depends on exact header order and spacing and cites a single md5
#   sample; treat it as a lead for investigation, not a verdict.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Panda Banker CnC?"; flow:established,to_server; content:"POST"; http_method; content:!"Content-Type|3a 20|"; http_header; content:!"Referer|3a|"; http_header; content:"Accept|3a 20|*/*|0d 0a|"; http_header; depth:13; content:!".php"; http_uri; pcre:"/^\/[A-Za-z0-9]+(?:\/[A-F0-9]+){3,}$/U"; pcre:"/^[\x20-\x7e\r\n]{0,20}[^\x20-\x7e\r\n]/P"; pcre:"/^User-Agent\x3a[^\r\n]+?(?:MSIE|rv\x3a11)/Hm"; content:"P/1.1|0d 0a|Accept|3a 20|*/*|0d 0a|"; fast_pattern:only; reference:md5,17bd012f145bba62b4e58b376d8002d3; classtype:trojan-activity; sid:2022609; rev:2; metadata:created_at 2016_03_10, updated_at 2016_03_10;)

Added 2018-09-13 19:52:23 UTC


Added 2018-09-13 18:00:48 UTC


# sid:2022609 rev:2 - low-confidence ("?" in msg) match for a possible Panda Banker C2 POST.
# All of the following must hold on an established, to_server HTTP flow leaving $HOME_NET:
#   - method is POST;
#   - the header buffer has no "Content-Type: " and no "Referer:";
#   - "Accept: */*\r\n" is found within depth:13 of the header buffer, i.e. it is the first header;
#   - the URI contains no ".php" and, normalized (/U), is "/<alnum>" followed by at least three
#     "/<uppercase hex>" segments;
#   - the request body (/P) has a byte outside printable ASCII/CR/LF within its first 21 bytes;
#   - a User-Agent header line (/Hm) contains "MSIE" or "rv:11";
#   - the unmodified content "P/1.1\r\nAccept: */*\r\n" (fast_pattern:only) is present.
# The "Content-Type: " negation includes the trailing space, so a header written without that space
# would not be excluded by it.
# NOTE(review): this is a heuristic built around one md5-referenced sample. Pair alerts with
# endpoint or proxy evidence during triage.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Panda Banker CnC?"; flow:established,to_server; content:"POST"; http_method; content:!"Content-Type|3a 20|"; http_header; content:!"Referer|3a|"; http_header; content:"Accept|3a 20|*/*|0d 0a|"; http_header; depth:13; content:!".php"; http_uri; pcre:"/^\/[A-Za-z0-9]+(?:\/[A-F0-9]+){3,}$/U"; pcre:"/^[\x20-\x7e\r\n]{0,20}[^\x20-\x7e\r\n]/P"; pcre:"/^User-Agent\x3a[^\r\n]+?(?:MSIE|rv\x3a11)/Hm"; content:"P/1.1|0d 0a|Accept|3a 20|*/*|0d 0a|"; fast_pattern:only; reference:md5,17bd012f145bba62b4e58b376d8002d3; classtype:trojan-activity; sid:2022609; rev:2; metadata:created_at 2016_03_10, updated_at 2016_03_10;)

Added 2017-08-07 21:17:33 UTC


# sid:2022609 rev:2 (this copy carries no metadata keyword) - heuristic for a possible Panda Banker
# C2 check-in. The "?" in msg marks the detection as tentative.
# Scope: established client-to-server HTTP from $HOME_NET to $EXTERNAL_NET, request method POST.
# Headers (http_header): "Content-Type: " and "Referer:" are absent; "Accept: */*\r\n" occupies the
#   first 13 bytes of the header buffer (depth:13 equals the string length), so Accept comes first.
# URI: no ".php"; normalized (/U) it is an alphanumeric segment plus three or more uppercase-hex
#   segments.
# Body (/P): not plain text, because a byte outside printable ASCII/CR/LF appears within the first
#   21 bytes.
# User-Agent (/Hm): a header line containing "MSIE" or "rv:11".
# Prefilter: "P/1.1\r\nAccept: */*\r\n" with fast_pattern:only, with no buffer modifier attached.
# NOTE(review): matching hinges on header ordering and a single md5-referenced sample; validate
#   alerts against host telemetry and expect gaps if the client's request layout changes.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Panda Banker CnC?"; flow:established,to_server; content:"POST"; http_method; content:!"Content-Type|3a 20|"; http_header; content:!"Referer|3a|"; http_header; content:"Accept|3a 20|*/*|0d 0a|"; http_header; depth:13; content:!".php"; http_uri; pcre:"/^\/[A-Za-z0-9]+(?:\/[A-F0-9]+){3,}$/U"; pcre:"/^[\x20-\x7e\r\n]{0,20}[^\x20-\x7e\r\n]/P"; pcre:"/^User-Agent\x3a[^\r\n]+?(?:MSIE|rv\x3a11)/Hm"; content:"P/1.1|0d 0a|Accept|3a 20|*/*|0d 0a|"; fast_pattern:only; reference:md5,17bd012f145bba62b4e58b376d8002d3; classtype:trojan-activity; sid:2022609; rev:2;)

Added 2016-03-10 17:28:41 UTC

