alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Novaloader Stage 2 VBS Request"; flow:established,to_server; content:"GET"; http_method; content:"Mozilla/4.0 (compatible|3b 20|Win32|3b 20|WinHttp.WinHttpRequest.5)"; http_user_agent; content:"/cabaco2.txt"; http_uri; fast_pattern; nocase; isdataat:!1,relative; metadata: former_category TROJAN; reference:url,www.zscaler.com/blogs/research/novaloader-yet-another-brazilian-banking-malware-family; reference:md5,4ef89349a52f9fcf9a139736e236217e; classtype:trojan-activity; sid:2027289; rev:1; metadata:affected_product Web_Browsers, attack_target Client_Endpoint, deployment Perimeter, tag Novaloader, signature_severity Major, created_at 2019_04_29, updated_at 2019_04_29;)

Added 2019-04-29 18:23:29 UTC


Topic revision: r1 - 2019-04-29 - TWikiGuest
 
This site is powered by the TWiki collaboration platform Powered by Perl This site is powered by the TWiki collaboration platformCopyright © Emerging Threats