#alert http $HOME_NET any -> $EXTERNAL_NET 1024: (msg:"ET DELETED Banker Infostealer/PRG POST on High Port"; flow:to_server,established; content:"POST"; nocase; http_method; content:"|2E|php|3F|2="; nocase; content:"|26|n="; nocase; content:"|26|v="; nocase; content:"|26|i="; nocase; content:"|26|sp="; nocase; content:"|26|lcp="; nocase; reference:url,www.securescience.net/FILES/securescience/10378/pubMalwareCaseStudy.pdf; reference:url,doc.emergingthreats.net/2008326; classtype:trojan-activity; sid:2008326; rev:8; metadata:created_at 2010_07_30, updated_at 2010_07_30;)

Added 2017-08-07 21:01:29 UTC


#alert tcp $HOME_NET any -> $EXTERNAL_NET 1024: (msg:"ET TROJAN Banker Infostealer/PRG POST on High Port"; flow:to_server,established; content:"POST "; nocase; depth:5; content:"|2E|php|3F|2="; nocase; content:"|26|n="; nocase; content:"|26|v="; nocase; content:"|26|i="; nocase; content:"|26|sp="; nocase; content:"|26|lcp="; nocase; reference:url,www.securescience.net/FILES/securescience/10378/pubMalwareCaseStudy.pdf; reference:url,doc.emergingthreats.net/2008326; classtype:trojan-activity; sid:2008326; rev:7;)

Added 2012-03-19 23:39:04 UTC


#alert tcp $HOME_NET any -> $EXTERNAL_NET 1024: (msg:"ET TROJAN Banker Infostealer/PRG POST on High Port"; flow:to_server,established; content:"POST "; depth:5; content:"|2E|php|3F|2="; nocase; content:"|26|n="; nocase; content:"|26|v="; nocase; content:"|26|i="; nocase; content:"|26|sp="; nocase; content:"|26|lcp="; nocase; reference:url,www.securescience.net/FILES/securescience/10378/pubMalwareCaseStudy.pdf; reference:url,doc.emergingthreats.net/2008326; classtype:trojan-activity; sid:2008326; rev:6;)

Added 2011-10-12 19:24:54 UTC


#alert tcp $HOME_NET any -> $EXTERNAL_NET 1024: (msg:"ET TROJAN Banker Infostealer/PRG POST on High Port"; flow:to_server,established; content:"POST "; depth:5; content:"|2E|php|3F|2="; nocase; content:"|26|n="; nocase; content:"|26|v="; nocase; content:"|26|i="; nocase; content:"|26|sp="; nocase; content:"|26|lcp="; nocase; classtype:trojan-activity; reference:url,www.securescience.net/FILES/securescience/10378/pubMalwareCaseStudy.pdf; reference:url,doc.emergingthreats.net/2008326; sid:2008326; rev:6;)

Added 2011-09-14 22:38:21 UTC


#alert tcp $HOME_NET any -> $EXTERNAL_NET 1024: (msg:"ET TROJAN Banker Infostealer/PRG POST on High Port"; flow:to_server,established; content:"POST "; depth:5; content:"|2E|php|3F|2="; nocase; content:"|26|n="; nocase; content:"|26|v="; nocase; content:"|26|i="; nocase; content:"|26|sp="; nocase; content:"|26|lcp="; nocase; classtype:trojan-activity; reference:url,www.securescience.net/FILES/securescience/10378/pubMalwareCaseStudy.pdf; reference:url,doc.emergingthreats.net/2008326; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_PRG; sid:2008326; rev:6;)

Added 2011-02-04 17:27:26 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET 1024: (msg:"ET TROJAN Banker Infostealer/PRG POST on High Port"; flow:to_server,established; content:"POST "; depth:5; content:"|2E|php|3F|2="; nocase; content:"|26|n="; nocase; content:"|26|v="; nocase; content:"|26|i="; nocase; content:"|26|sp="; nocase; content:"|26|lcp="; nocase; reference:url,www.securescience.net/FILES/securescience/10378/pubMalwareCaseStudy.pdf; classtype:trojan-activity; reference:url,doc.emergingthreats.net/2008326; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_PRG; sid:2008326; rev:4;)

Added 2009-02-27 18:52:08 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET 1024: (msg:"ET TROJAN Banker Infostealer/PRG POST on High Port"; flow:to_server,established; content:"POST "; depth:5; content:"|2E|php|3F|2="; nocase; content:"|26|n="; nocase; content:"|26|v="; nocase; content:"|26|i="; nocase; content:"|26|sp="; nocase; content:"|26|lcp="; nocase; reference:url,www.securescience.net/FILES/securescience/10378/pubMalwareCaseStudy.pdf; classtype:trojan-activity; reference:url,doc.emergingthreats.net/2008326; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_PRG; sid:2008326; rev:4;)

Added 2009-02-27 18:52:08 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET 1024: (msg:"ET TROJAN Banker Infostealer/PRG POST on High Port"; flow:to_server,established; content:"POST "; depth:5; content:"|2E|php|3F|2="; nocase; content:"|26|n="; nocase; content:"|26|v="; nocase; content:"|26|i="; nocase:"|26|sp="; nocase:"|26|lcp="; nocase; reference:url,www.securescience.net/FILES/securescience/10378/pubMalwareCaseStudy.pdf; classtype:trojan-activity; reference:url,doc.emergingthreats.net/2008326; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_PRG; sid:2008326; rev:3;)

Added 2009-02-13 19:30:23 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET 1024: (msg:"ET TROJAN Banker Infostealer/PRG POST on High Port"; flow:to_server,established; content:"POST "; depth:5; content:"|2E|php|3F|2="; nocase; content:"|26|n="; nocase; content:"|26|v="; nocase; content:"|26|i="; nocase:"|26|sp="; nocase:"|26|lcp="; nocase; reference:url,www.securescience.net/FILES/securescience/10378/pubMalwareCaseStudy.pdf; classtype:trojan-activity; reference:url,doc.emergingthreats.net/2008326; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_PRG; sid:2008326; rev:3;)

Added 2009-02-13 19:30:23 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET 1024: (msg:"ET TROJAN Banker Infostealer/PRG POST on High Port"; flow:to_server,established; content:"POST "; depth:5; content:"|2E|php|3F|2="; nocase; content:"|26|n="; nocase; content:"|26|v="; nocase; content:"|26|i="; nocase:"|26|sp="; nocase:"|26|lcp="; nocase; reference:url,www.securescience.net/FILES/securescience/10378/pubMalwareCaseStudy.pdf; classtype:trojan-activity; sid:2008326; rev:2;)

Added 2008-07-07 10:21:57 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET 1024: (msg:"ET TROJAN Banker Infostealer/PRG POST on High Port"; flow:to_server,established; content:"POST "; depth:5; content:"|2E|php|3F|2="; nocase; content:"|26|n="; nocase; content:"|26|v="; nocase; content:"|26|i="; nocase:"|26|sp="; nocase:"|26|lcp="; nocase; reference:url,www.securescience.net/FILES/securescience/10378/pubMalwareCaseStudy.pdf; classtype:trojan-activity; sid:2008326; rev:2;)

Added 2008-07-07 10:21:57 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET 1024: (msg:"ET TROJAN Banker Infostealer/PRG POST on High Port"; flow:to_server,established; content:"POST "; depth:5; content:"|2E|php|3F|2="; nocase; content:"|26|n="; nocase; content:"|26|v="; nocase; content:"|26|i="; nocase:"|26|sp="; nocase:"|26|lcp="; nocase; reference:url,ip.securescience.net/advisories/pubMalwareCaseStudy.pdf; classtype:trojan-activity; sid:2008326; rev:1;)

Added 2008-06-24 18:13:39 UTC


Topic revision: r1 - 2017-08-08 - TWikiGuest
 
This site is powered by the TWiki collaboration platform Powered by Perl This site is powered by the TWiki collaboration platformCopyright © Emerging Threats