alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN Shylock Module Data POST"; flow:established,to_server; content:"id="; http_client_body; content:"&bid="; http_client_body; content:"&query="; http_client_body; content:"&data="; http_client_body; pcre:"/id=\d+&bid=[^&]+&query=\w+&data=\w/P"; reference:url,anubis.iseclab.org/index.php?action=result&task_id=86c6da9437e65c94990ddd85d87299f1; reference:url,www.threatexpert.com/report.aspx?md5=4fda5e7e8e682870e993f97ad26ba6b2; classtype:trojan-activity; sid:2013687; rev:3;)

Added 2012-09-28 00:08:33 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN Shylock Module Data POST"; flow:established,to_server; content:"id="; http_client_body; content:"&bid="; http_client_body; content:"&query="; http_client_body; content:"&data="; http_client_body; pcre:"/id=\d+&bid=[^&]+&query=\w+&data=\w+/P"; reference:url,anubis.iseclab.org/index.php?action=result&task_id=86c6da9437e65c94990ddd85d87299f1; reference:url,www.threatexpert.com/report.aspx?md5=4fda5e7e8e682870e993f97ad26ba6b2; classtype:trojan-activity; sid:2013687; rev:2;)

Added 2012-04-17 21:48:37 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN Shylock Module Data POST"; flow:established,to_server; content:"id="; http_client_body; content:"&bid="; http_client_body; content:"&query="; http_client_body; content:"&data="; http_client_body; pcre:"/id=\d+&bid=[^&]+&query=\w+&data=\w+/"; reference:url,anubis.iseclab.org/index.php?action=result&task_id=86c6da9437e65c94990ddd85d87299f1; reference:url,www.threatexpert.com/report.aspx?md5=4fda5e7e8e682870e993f97ad26ba6b2; classtype:trojan-activity; sid:2013687; rev:1;)

Added 2011-10-12 19:37:18 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN Shylock Module Data POST"; flow:established,to_server; content:"id="; http_client_body; content:"&bid="; http_client_body; content:"&query="; http_client_body; content:"&data="; http_client_body; pcre:"/id=\d+&bid=[^&]+&query=\w+&data=\w+/"; classtype:trojan-activity; reference:url,anubis.iseclab.org/index.php?action=result&task_id=86c6da9437e65c94990ddd85d87299f1; reference:url,www.threatexpert.com/report.aspx?md5=4fda5e7e8e682870e993f97ad26ba6b2; sid:2013687; rev:1;)

Added 2011-09-21 19:26:28 UTC


Topic revision: r1 - 2012-09-28 - TWikiGuest
 
This site is powered by the TWiki collaboration platform Powered by Perl This site is powered by the TWiki collaboration platformCopyright © Emerging Threats