alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN MSIL/Spy.Banker.DH Checkin"; flow:established,to_server; content:"POST"; http_method; content:".aspx?"; http_uri; content:"Content-Type|3a 20|application/x-www-form-urlencoded"; http_header; content:"Mozilla/5.0 (Windows|3b 20|U|3b 20|Windows NT 6.1|3b 20|ru|3b 20|rv|3a|1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)"; fast_pattern; http_user_agent; depth:104; isdataat:!1,relative; content:"id="; depth:3; nocase; http_client_body; pcre:"/\.aspx\?$/U"; metadata: former_category MALWARE; reference:md5,39519ff5bddd6d0eee032232349fe0a6; classtype:trojan-activity; sid:2022811; rev:4; metadata:created_at 2016_05_17, updated_at 2019_10_23;)

Added 2019-10-23 19:39:27 UTC


alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN MSIL/Spy.Banker.DH Checkin"; flow:established,to_server; content:"POST"; http_method; content:".aspx?"; http_uri; content:"Content-Type|3a| application/x-www-form-urlencoded"; http_header; content:"User-Agent|3a| Mozilla/5.0 (Windows|3b| U|3b| Windows NT 6.1|3b| ru|3b| rv|3a|1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)|0d 0a|"; fast_pattern:84,20; http_header; content:"id="; depth:3; nocase; http_client_body; pcre:"/\.aspx\?$/U"; metadata: former_category MALWARE; reference:md5,39519ff5bddd6d0eee032232349fe0a6; classtype:trojan-activity; sid:2022811; rev:3; metadata:created_at 2016_05_17, updated_at 2016_06_13;)

Added 2019-09-26 19:58:09 UTC


alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN MSIL/Spy.Banker.DH Checkin"; flow:established,to_server; content:"POST"; http_method; content:".aspx?"; http_uri; content:"Content-Type|3a| application/x-www-form-urlencoded"; http_header; content:"User-Agent|3a| Mozilla/5.0 (Windows|3b| U|3b| Windows NT 6.1|3b| ru|3b| rv|3a|1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)|0d 0a|"; fast_pattern:84,20; http_header; content:"id="; depth:3; nocase; http_client_body; pcre:"/\.aspx\?$/U"; reference:md5,39519ff5bddd6d0eee032232349fe0a6; classtype:trojan-activity; sid:2022811; rev:3; metadata:created_at 2016_05_17, updated_at 2016_06_13;)

Added 2018-09-13 19:52:34 UTC


Added 2018-09-13 18:00:55 UTC


alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN MSIL/Spy.Banker.DH Checkin"; flow:established,to_server; content:"POST"; http_method; content:".aspx?"; http_uri; content:"Content-Type|3a| application/x-www-form-urlencoded"; http_header; content:"User-Agent|3a| Mozilla/5.0 (Windows|3b| U|3b| Windows NT 6.1|3b| ru|3b| rv|3a|1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)|0d 0a|"; fast_pattern:84,20; http_header; content:"id="; depth:3; nocase; http_client_body; pcre:"/\.aspx\?$/U"; reference:md5,39519ff5bddd6d0eee032232349fe0a6; classtype:trojan-activity; sid:2022811; rev:3; metadata:created_at 2016_05_17, updated_at 2016_06_13;)

Added 2017-08-07 21:17:48 UTC


alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN MSIL/Spy.Banker.DH Checkin"; flow:established,to_server; content:"POST"; http_method; content:".aspx?"; http_uri; content:"Content-Type|3a| application/x-www-form-urlencoded"; http_header; content:"User-Agent|3a| Mozilla/5.0 (Windows|3b| U|3b| Windows NT 6.1|3b| ru|3b| rv|3a|1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)|0d 0a|"; fast_pattern:84,20; http_header; content:"id="; depth:3; nocase; http_client_body; pcre:"/\.aspx\?$/U"; reference:md5,39519ff5bddd6d0eee032232349fe0a6; classtype:trojan-activity; sid:2022811; rev:3;)

Added 2016-06-13 18:00:57 UTC


alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN MSIL/Spy.Banker.DH Checkin"; flow:established,to_server; content:"POST"; http_method; content:".aspx?"; http_uri; content:"Content-Type|3a| application/x-www-form-urlencoded"; http_header; content:"User-Agent|3a| Mozilla/5.0 (Windows|3b| U|3b| Windows NT 6.1|3b| ru|3b| rv|3a|1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)|0d 0a|"; fast_pattern:84,20; http_header; content:"id="; depth:3; nocase; http_client_body; pcre:"/\.aspx\?$/U"; reference:md5,39519ff5bddd6d0eee032232349fe0a6; classtype:trojan-activity; sid:2022811; rev:3;)

Added 2016-06-13 17:59:28 UTC


alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN NOVO_G0LP3 Checkin"; flow:established,to_server; content:"POST"; http_method; content:".aspx?"; http_uri; content:"Content-Type|3a| application/x-www-form-urlencoded"; http_header; content:"User-Agent|3a| Mozilla/5.0 (Windows|3b| U|3b| Windows NT 6.1|3b| ru|3b| rv|3a|1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)|0d 0a|"; fast_pattern:84,20; http_header; content:"id="; depth:3; nocase; http_client_body; pcre:"/\.aspx\?$/U"; reference:md5,39519ff5bddd6d0eee032232349fe0a6; classtype:trojan-activity; sid:2022811; rev:2;)

Added 2016-05-17 17:27:34 UTC


Topic revision: r1 - 2019-10-23 - TWikiGuest
 
This site is powered by the TWiki collaboration platform Powered by Perl This site is powered by the TWiki collaboration platformCopyright © Emerging Threats