alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET POLICY Babylon User-Agent (Translation App Observed in PPI MALWARE)"; flow:to_server,established; content:"User-Agent|3a| Babylon"; http_header; fast_pattern:12,7; reference:md5,54e482d6c0344935115d04b411afdb27; reference:md5,54dfd618401a573996b2b32bdd21b2d4; reference:md5,546888f8a18ed849058a5325015c29ef; reference:url,www.babylon.com; classtype:policy-violation; sid:2012735; rev:5;)

Added 2012-03-27 17:22:55 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET POLICY Browser Search Bar User-Agent String (Babylon)"; flow:to_server,established; content:"User-Agent|3a| Babylon"; http_header; fast_pattern:only; classtype:trojan-activity; sid:2012735; rev:2;)

Added 2011-10-12 19:35:05 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET POLICY Browser Search Bar User-Agent String (Babylon)"; flow:to_server,established; content:"User-Agent|3a| Babylon"; http_header; fast_pattern:only; classtype:trojan-activity; sid:2012735; rev:2;)

Added 2011-05-02 14:42:51 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET POLICY Browser Search Bar User-Agent String (Babylon)"; flow:to_server,established; content:"User-Agent|3a| Babylon"; http_header; fast_pattern:only; classtype:trojan-activity; sid:2012735; rev:2;)

Added 2011-05-02 14:23:36 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET POLICY Browser Search Bar User-Agent String (Babylon)"; flow:to_server,established; content:"User-Agent|3a| Babylon"; http_header; fast_pattern:only; classtype:trojan-activity; sid:2012735; rev:2;)

Added 2011-05-02 14:04:14 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET POLICY Browser Search Bar User-Agent String (Babylon)"; flow:to_server,established; content:"User-Agent|3a| Babylon"; http_header; fast_pattern:only; classtype:trojan-activity; sid:2012735; rev:2;)

Added 2011-05-01 20:54:01 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET POLICY Browser Search Bar User-Agent String (Babylon)"; flow:to_server,established; content:"User-Agent|3a| Babylon"; http_header; fast_pattern:only; classtype:trojan-activity; sid:2012735; rev:2;)

Added 2011-04-29 17:39:43 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET USER_AGENTS Suspicious User-Agent String (Babylon)"; flow:to_server,established; content:"User-Agent|3a| Babylon"; http_header; fast_pattern:only; classtype:trojan-activity; sid:2012735; rev:1;)

Added 2011-04-28 19:56:37 UTC


Topic revision: r1 - 2012-03-27 - TWikiGuest
 
This site is powered by the TWiki collaboration platform Powered by Perl This site is powered by the TWiki collaboration platformCopyright © Emerging Threats