# sid 2009447 rev 6: alerts on an outbound HTTP GET ($HOME_NET -> $EXTERNAL_NET, to_server)
# whose header buffer holds one exact User-Agent line immediately followed by CRLF and
# "Host: ", plus "\r\nAccept: */*" anywhere in the headers (no distance/within is set).
# The hex |3b2020| decodes to ";" and TWO spaces ("MSIE 6.0;  Windows"). fast_pattern:37,18
# selects exactly those 18 bytes at offset 37 of the content for the prefilter.
# Only difference from the rev 5 entry on this page: nocase on the "GET" http_method match.
# NOTE(review): this is a header fingerprint only (no URI or response check), so it depends
# on exact header order and spacing; corroborate on the source host before escalating.
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN TSPY_BANKER.IDV/Infostealer.Bancos Module Download"; flow:established,to_server; content:"GET"; nocase; http_method; content:"User-Agent|3a20|Mozilla|2f|4.0|2028|compatible|3b20|MSIE|20|6.0| 3b2020|Windows|20|NT|20|5.1|3b 20|SV1|3b20|.NET|20|CLR|20|1.1.4322| 3b20|.NET|20|CLR|20|2.0.50727|290d0a|Host|3a20|"; fast_pattern:37,18; http_header; content:"|0d 0a|Accept|3a 20 2a 2f 2a|"; http_header; reference:url,doc.emergingthreats.net/2009447; classtype:trojan-activity; sid:2009447; rev:6;)

Added 2012-03-16 17:35:06 UTC


# sid 2009447 rev 5: same http_method / http_header matches as the rev 4 entries on this
# page, with fast_pattern:37,18 added. Offset 37, length 18 of the User-Agent content is
# "MSIE 6.0;  Windows" -- the stretch containing the double space encoded as |3b2020|.
# The "GET" method match carries no nocase in this revision.
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN TSPY_BANKER.IDV/Infostealer.Bancos Module Download"; flow:established,to_server; content:"GET"; http_method; content:"User-Agent|3a20|Mozilla|2f|4.0|2028|compatible|3b20|MSIE|20|6.0| 3b2020|Windows|20|NT|20|5.1|3b 20|SV1|3b20|.NET|20|CLR|20|1.1.4322| 3b20|.NET|20|CLR|20|2.0.50727|290d0a|Host|3a20|"; fast_pattern:37,18; http_header; content:"|0d 0a|Accept|3a 20 2a 2f 2a|"; http_header; reference:url,doc.emergingthreats.net/2009447; classtype:trojan-activity; sid:2009447; rev:5;)

Added 2011-12-19 18:45:33 UTC


# sid 2009447, labelled rev 4: GET in http_method, the exact User-Agent line followed by
# CRLF "Host: " in http_header, and "\r\nAccept: */*" in http_header. No fast_pattern is set.
# Differs from the 2011-09-14 entry on this page only in option order (reference now
# precedes classtype); the rev number was not bumped for that change.
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN TSPY_BANKER.IDV/Infostealer.Bancos Module Download"; flow:established,to_server; content:"GET"; http_method; content:"User-Agent|3a20|Mozilla|2f|4.0|2028|compatible|3b20|MSIE|20|6.0| 3b2020|Windows|20|NT|20|5.1|3b 20|SV1|3b20|.NET|20|CLR|20|1.1.4322| 3b20|.NET|20|CLR|20|2.0.50727|290d0a|Host|3a20|"; http_header; content:"|0d 0a|Accept|3a 20 2a 2f 2a|"; http_header; reference:url,doc.emergingthreats.net/2009447; classtype:trojan-activity; sid:2009447; rev:4;)

Added 2011-10-12 19:27:23 UTC


# sid 2009447, labelled rev 4: detection options are identical to the 2011-02-04 entry on
# this page (http_method GET, exact User-Agent + CRLF "Host: " and "\r\nAccept: */*" in
# http_header). The only change is that the cvsweb.cgi reference was dropped, leaving
# doc.emergingthreats.net/2009447 as the sole reference; the rev number stayed at 4.
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN TSPY_BANKER.IDV/Infostealer.Bancos Module Download"; flow:established,to_server; content:"GET"; http_method; content:"User-Agent|3a20|Mozilla|2f|4.0|2028|compatible|3b20|MSIE|20|6.0| 3b2020|Windows|20|NT|20|5.1|3b 20|SV1|3b20|.NET|20|CLR|20|1.1.4322| 3b20|.NET|20|CLR|20|2.0.50727|290d0a|Host|3a20|"; http_header; content:"|0d 0a|Accept|3a 20 2a 2f 2a|"; http_header; classtype:trojan-activity; reference:url,doc.emergingthreats.net/2009447; sid:2009447; rev:4;)

Added 2011-09-14 22:40:45 UTC


# sid 2009447 rev 4: first revision on this page that uses HTTP buffers. The rev 3
# raw-payload matches ("GET /" with depth:5, Accept with within:80) are replaced by
# content:"GET" in http_method and two http_header contents. The User-Agent content no
# longer starts with CRLF, and the Accept match has no positional constraint.
# The exact User-Agent line (with ";" + two spaces, |3b2020|) must still be followed
# directly by CRLF and "Host: ".
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN TSPY_BANKER.IDV/Infostealer.Bancos Module Download"; flow:established,to_server; content:"GET"; http_method; content:"User-Agent|3a20|Mozilla|2f|4.0|2028|compatible|3b20|MSIE|20|6.0| 3b2020|Windows|20|NT|20|5.1|3b 20|SV1|3b20|.NET|20|CLR|20|1.1.4322| 3b20|.NET|20|CLR|20|2.0.50727|290d0a|Host|3a20|"; http_header; content:"|0d 0a|Accept|3a 20 2a 2f 2a|"; http_header; classtype:trojan-activity; reference:url,doc.emergingthreats.net/2009447; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_Banker.General; sid:2009447; rev:4;)

Added 2011-02-04 17:28:47 UTC


# sid 2009447 rev 3: raw-payload form (no HTTP buffer modifiers). Requires "GET /" within
# the first 5 payload bytes, then CRLF + the exact User-Agent line + CRLF "Host: " anywhere
# in the payload, then "\r\nAccept: */*" within 80 bytes of the end of the "Host: " match.
# Adds classtype:trojan-activity relative to the rev 2 entries on this page.
# NOTE(review): raw content matches are sensitive to header order and to how the request
# is split across segments -- presumably why rev 4 moved to http_method/http_header.
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN TSPY_BANKER.IDV/Infostealer.Bancos Module Download"; flow:established,to_server; content:"GET|20|/"; depth:5; content:"| 0d0a|User-Agent|3a20|Mozilla|2f|4.0|2028|compatible|3b20|MSIE|20|6.0| 3b2020|Windows|20|NT|20|5.1|3b20|SV1|3b20|.NET|20|CLR|20|1.1.4322| 3b20|.NET|20|CLR|20|2.0.50727|290d0a|Host|3a20|"; content:"|0d0a|Accept|3a202a2f2a|"; within:80; classtype:trojan-activity; reference:url,doc.emergingthreats.net/2009447; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_Banker.General; sid:2009447; rev:3;)

Added 2009-07-01 20:03:01 UTC


# sid 2009447 rev 3 (this entry is listed twice on the page with the same text and timestamp).
# Raw-payload match: "GET /" in the first 5 bytes, CRLF + exact User-Agent line + CRLF
# "Host: ", then "\r\nAccept: */*" within 80 bytes after the "Host: " match.
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN TSPY_BANKER.IDV/Infostealer.Bancos Module Download"; flow:established,to_server; content:"GET|20|/"; depth:5; content:"| 0d0a|User-Agent|3a20|Mozilla|2f|4.0|2028|compatible|3b20|MSIE|20|6.0| 3b2020|Windows|20|NT|20|5.1|3b20|SV1|3b20|.NET|20|CLR|20|1.1.4322| 3b20|.NET|20|CLR|20|2.0.50727|290d0a|Host|3a20|"; content:"|0d0a|Accept|3a202a2f2a|"; within:80; classtype:trojan-activity; reference:url,doc.emergingthreats.net/2009447; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_Banker.General; sid:2009447; rev:3;)

Added 2009-07-01 20:03:01 UTC


# sid 2009447 rev 2: same raw-payload detection options as the rev 1 entry on this page
# ("GET /" depth:5, CRLF + exact User-Agent + CRLF "Host: ", Accept within:80), with the
# two reference:url options added. No classtype is set in this revision.
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN TSPY_BANKER.IDV/Infostealer.Bancos Module Download"; flow:established,to_server; content:"GET|20|/"; depth:5; content:"| 0d0a|User-Agent|3a20|Mozilla|2f|4.0|2028|compatible|3b20|MSIE|20|6.0| 3b2020|Windows|20|NT|20|5.1|3b20|SV1|3b20|.NET|20|CLR|20|1.1.4322| 3b20|.NET|20|CLR|20|2.0.50727|290d0a|Host|3a20|"; content:"|0d0a|Accept|3a202a2f2a|"; within:80; reference:url,doc.emergingthreats.net/2009447; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_Banker.General; sid:2009447; rev:2;)

Added 2009-06-28 20:15:35 UTC


# sid 2009447 rev 2 (this entry is listed twice on the page with the same text and timestamp).
# Raw-payload match with two reference:url options and no classtype.
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN TSPY_BANKER.IDV/Infostealer.Bancos Module Download"; flow:established,to_server; content:"GET|20|/"; depth:5; content:"| 0d0a|User-Agent|3a20|Mozilla|2f|4.0|2028|compatible|3b20|MSIE|20|6.0| 3b2020|Windows|20|NT|20|5.1|3b20|SV1|3b20|.NET|20|CLR|20|1.1.4322| 3b20|.NET|20|CLR|20|2.0.50727|290d0a|Host|3a20|"; content:"|0d0a|Accept|3a202a2f2a|"; within:80; reference:url,doc.emergingthreats.net/2009447; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_Banker.General; sid:2009447; rev:2;)

Added 2009-06-28 20:15:35 UTC


# sid 2009447 rev 1: the original form, with no reference or classtype options.
# Raw-payload match on an outbound established flow: "GET /" in the first 5 bytes, then
# CRLF + "User-Agent: Mozilla/4.0 (compatible; MSIE 6.0;  Windows NT 5.1; SV1; .NET CLR
# 1.1.4322; .NET CLR 2.0.50727)" + CRLF "Host: ", then "\r\nAccept: */*" within 80 bytes.
# The two spaces after "MSIE 6.0;" come from the hex |3b2020| and are part of the match.
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN TSPY_BANKER.IDV/Infostealer.Bancos Module Download"; flow:established,to_server; content:"GET|20|/"; depth:5; content:"| 0d0a|User-Agent|3a20|Mozilla|2f|4.0|2028|compatible|3b20|MSIE|20|6.0| 3b2020|Windows|20|NT|20|5.1|3b20|SV1|3b20|.NET|20|CLR|20|1.1.4322| 3b20|.NET|20|CLR|20|2.0.50727|290d0a|Host|3a20|"; content:"|0d0a|Accept|3a202a2f2a|"; within:80; sid:2009447; rev:1;)

Added 2009-06-27 15:45:35 UTC

