# sid:2010861 rev:7 -- disabled (commented out) and renamed "ET DELETED"; kept as history only.
# Logic: an HTTP GET whose URI contains ".bin" and whose raw request carries, as one contiguous
# byte string, Accept / Connection: Close / the fixed MSIE 6.0 User-Agent / Host in that order,
# with no Referer header present.
# nocase follows the negated Referer match and applies only to it; the long header string is
# case-sensitive, so any change in header order, spacing or User-Agent defeats the match.
# Destination port is "any" here, whereas the rev:6 entries on this page use $HTTP_PORTS.
# NOTE(review): metadata created_at 2010_07_30 is later than the earliest "Added" date on this
# page (2010-02-26); treat it as feed bookkeeping, not as first-seen evidence.
#alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"ET DELETED Zeus Bot Request to CnC?"; flow:established,to_server; uricontent:".bin"; content:"GET"; depth:3; http_method; content:".bin HTTP/1.1|0d 0a|Accept|3a| */*|0d 0a|Connection|3a| Close|0d 0a|User-Agent|3a| Mozilla/4.0 (compatible|3b| MSIE 6.0|3b| Windows NT 5.1|3b| SV1)|0d 0a|Host|3a| "; content:!"|0d 0a|Referer|3a|"; nocase; reference:url,doc.emergingthreats.net/2010861; classtype:trojan-activity; sid:2010861; rev:7; metadata:created_at 2010_07_30, updated_at 2010_07_30;)

Added 2017-08-07 21:04:00 UTC


# sid:2010861 rev:6 -- disabled (double-commented) and labelled "ET DELETED".
# Method is matched with content:"GET"; depth:3; http_method, and the header separators are
# written as hex (|3a| for ":", |3b| for ";") rather than backslash escapes.
# Destination is limited to $HTTP_PORTS; there is no metadata option in this revision.
# The only reference left is doc.emergingthreats.net/2010861.
##alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET DELETED Zeus Bot Request to CnC?"; flow:established,to_server; uricontent:".bin"; content:"GET"; depth:3; http_method; content:".bin HTTP/1.1|0d 0a|Accept|3a| */*|0d 0a|Connection|3a| Close|0d 0a|User-Agent|3a| Mozilla/4.0 (compatible|3b| MSIE 6.0|3b| Windows NT 5.1|3b| SV1)|0d 0a|Host|3a| "; content:!"|0d 0a|Referer|3a|"; nocase; reference:url,doc.emergingthreats.net/2010861; classtype:trojan-activity; sid:2010861; rev:6;)

Added 2011-10-12 19:30:45 UTC


# sid:2010861 rev:6 -- disabled copy; same rev number as the entry dated 2011-10-12 on this page.
# The detection options are the same; only the order of the classtype and reference options
# differs, and neither of those takes part in matching.
# When diffing rule feeds, compare on sid and rev rather than on raw text for this reason.
##alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET DELETED Zeus Bot Request to CnC?"; flow:established,to_server; uricontent:".bin"; content:"GET"; depth:3; http_method; content:".bin HTTP/1.1|0d 0a|Accept|3a| */*|0d 0a|Connection|3a| Close|0d 0a|User-Agent|3a| Mozilla/4.0 (compatible|3b| MSIE 6.0|3b| Windows NT 5.1|3b| SV1)|0d 0a|Host|3a| "; content:!"|0d 0a|Referer|3a|"; nocase; classtype:trojan-activity; reference:url,doc.emergingthreats.net/2010861; sid:2010861; rev:6;)

Added 2011-09-14 22:43:55 UTC


# sid:2010861 rev:6 -- earliest rev:6 entry on this page, already disabled and labelled "ET DELETED".
# Compared with the rev:4 entries on this page, the method check moved from a raw "GET /" payload
# match (depth:5) to content:"GET"; depth:3; http_method, and ":" / ";" are hex-encoded.
# This copy still carries the cvsweb reference that the later rev:6 entries omit.
##alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET DELETED Zeus Bot Request to CnC?"; flow:established,to_server; uricontent:".bin"; content:"GET"; depth:3; http_method; content:".bin HTTP/1.1|0d 0a|Accept|3a| */*|0d 0a|Connection|3a| Close|0d 0a|User-Agent|3a| Mozilla/4.0 (compatible|3b| MSIE 6.0|3b| Windows NT 5.1|3b| SV1)|0d 0a|Host|3a| "; content:!"|0d 0a|Referer|3a|"; nocase; classtype:trojan-activity; reference:url,doc.emergingthreats.net/2010861; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_Zeus; sid:2010861; rev:6;)

Added 2011-02-04 17:30:32 UTC


# sid:2010861 rev:4 -- active rule (not commented out), msg prefix "ET TROJAN".
# Source port is "any"; the rev:3 entries on this page restrict it to 1024: (1024 and above).
# The method is matched as raw payload: "GET /" must sit in the first 5 bytes (depth:5).
# The long header string is a single case-sensitive content match, so it only fires on this
# exact header order and User-Agent; nocase applies to the negated Referer match alone.
# NOTE(review): the "?" in the msg suggests the authors treated hits as leads to confirm.
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN Zeus Bot Request to CnC?"; flow:established,to_server; uricontent:".bin"; content:"GET /"; depth:5; content:".bin HTTP/1.1|0d 0a|Accept\: */*|0d 0a|Connection\: Close|0d 0a|User-Agent\: Mozilla/4.0 (compatible\; MSIE 6.0\; Windows NT 5.1\; SV1)|0d 0a|Host\: "; content:!"|0d 0a|Referer|3a|"; nocase; classtype:trojan-activity; reference:url,doc.emergingthreats.net/2010861; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_Zeus; sid:2010861; rev:4;)

Added 2010-06-09 20:41:08 UTC


# sid:2010861 rev:4 -- active rule; source port "any", destination $HTTP_PORTS.
# Fires on a GET for a ".bin" URI with the fixed Accept / Connection: Close / MSIE 6.0
# User-Agent / Host header sequence and no Referer header.
# This entry has the same rule text and "Added" timestamp (2010-06-09 20:41:08 UTC) as the other
# rev:4 entry on this page, so it looks like a duplicate listing rather than a separate change.
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN Zeus Bot Request to CnC?"; flow:established,to_server; uricontent:".bin"; content:"GET /"; depth:5; content:".bin HTTP/1.1|0d 0a|Accept\: */*|0d 0a|Connection\: Close|0d 0a|User-Agent\: Mozilla/4.0 (compatible\; MSIE 6.0\; Windows NT 5.1\; SV1)|0d 0a|Host\: "; content:!"|0d 0a|Referer|3a|"; nocase; classtype:trojan-activity; reference:url,doc.emergingthreats.net/2010861; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_Zeus; sid:2010861; rev:4;)

Added 2010-06-09 20:41:08 UTC


# sid:2010861 rev:3 -- active rule; source port restricted to 1024: (1024 and above).
# Compared with the rev:2 entry on this page, the pcre that required a dotted-quad Host value
# has been removed, so any Host value is accepted after the fixed header string.
# The remaining match is a ".bin" URI, "GET /" in the first 5 bytes, the exact header sequence,
# and no Referer header (only the Referer check is case-insensitive).
alert tcp $HOME_NET 1024: -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN Zeus Bot Request to CnC?"; flow:established,to_server; uricontent:".bin"; content:"GET /"; depth:5; content:".bin HTTP/1.1|0d 0a|Accept\: */*|0d 0a|Connection\: Close|0d 0a|User-Agent\: Mozilla/4.0 (compatible\; MSIE 6.0\; Windows NT 5.1\; SV1)|0d 0a|Host\: "; content:!"|0d 0a|Referer|3a|"; nocase; classtype:trojan-activity; reference:url,doc.emergingthreats.net/2010861; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_Zeus; sid:2010861; rev:3;)

Added 2010-03-01 09:15:47 UTC


# sid:2010861 rev:3 -- active rule; source port 1024:, destination $HTTP_PORTS, no pcre option.
# This entry has the same rule text and "Added" timestamp (2010-03-01 09:15:47 UTC) as the other
# rev:3 entry on this page, so it looks like a duplicate listing rather than a separate change.
alert tcp $HOME_NET 1024: -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN Zeus Bot Request to CnC?"; flow:established,to_server; uricontent:".bin"; content:"GET /"; depth:5; content:".bin HTTP/1.1|0d 0a|Accept\: */*|0d 0a|Connection\: Close|0d 0a|User-Agent\: Mozilla/4.0 (compatible\; MSIE 6.0\; Windows NT 5.1\; SV1)|0d 0a|Host\: "; content:!"|0d 0a|Referer|3a|"; nocase; classtype:trojan-activity; reference:url,doc.emergingthreats.net/2010861; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_Zeus; sid:2010861; rev:3;)

Added 2010-03-01 09:15:47 UTC


# sid:2010861 rev:2 -- earliest revision listed on this page; active rule.
# In addition to the fixed header string, a pcre requires the Host header value to be a
# dotted-quad IP address (four groups of 1-3 digits; octet range is not checked).
# NOTE(review): the content match ends in "Host: " with a space after the colon, while the pcre
# expects the first digit immediately after "Host:" with no space. For a request with a single
# Host header these two conditions appear mutually exclusive, so this revision would presumably
# rarely or never fire. Rev:3 on this page drops the pcre.
alert tcp $HOME_NET 1024: -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN Zeus Bot Request to CnC?"; flow:established,to_server; uricontent:".bin"; content:"GET /"; depth:5; content:".bin HTTP/1.1|0d 0a|Accept\: */*|0d 0a|Connection\: Close|0d 0a|User-Agent\: Mozilla/4.0 (compatible\; MSIE 6.0\; Windows NT 5.1\; SV1)|0d 0a|Host\: "; content:!"|0d 0a|Referer|3a|"; nocase; pcre:"/\x0d\x0aHost\:\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}\x0d\x0a/"; classtype:trojan-activity; reference:url,doc.emergingthreats.net/2010861; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_Zeus; sid:2010861; rev:2;)

Added 2010-02-26 18:56:43 UTC


Topic revision: r1 - 2017-08-08 - TWikiGuest
 