#alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET DELETED Unknown Malware Checkin Possibly ZeuS?"; flow:established,to_server; content:"POST"; http_method; content:"/rssfeed.php"; http_uri; content:"bn1="; http_client_body; content:"&sk1="; http_client_body; reference:url,anubis.iseclab.org/?action=result&task_id=1c19710e150ee00941148dee842a02976; classtype:trojan-activity; sid:2014178; rev:2; metadata:created_at 2012_02_02, updated_at 2012_02_02;)

Added 2017-08-07 21:07:31 UTC


##alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET DELETED Unknown Malware Checkin Possibly ZeuS?"; flow:established,to_server; content:"POST"; http_method; content:"/rssfeed.php"; http_uri; content:"bn1="; http_client_body; content:"&sk1="; http_client_body; reference:url,anubis.iseclab.org/?action=result&task_id=1c19710e150ee00941148dee842a02976; classtype:trojan-activity; sid:2014178; rev:2;)

Added 2012-02-10 20:45:25 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET CURRENT_EVENTS Unknown Malware Checkin Possibly ZeuS?"; flow:established,to_server; content:"POST"; http_method; content:"/rssfeed.php"; http_uri; content:"bn1="; http_client_body; content:"&sk1="; http_client_body; reference:url,anubis.iseclab.org/?action=result&task_id=1c19710e150ee00941148dee842a02976; classtype:trojan-activity; sid:2014178; rev:2;)

Added 2012-02-04 11:25:46 UTC


Topic revision: r1 - 2017-08-08 - TWikiGuest
 
This site is powered by the TWiki collaboration platform Powered by Perl This site is powered by the TWiki collaboration platformCopyright © Emerging Threats