# sid 2014198 rev 13: alerts on an outbound HTTP POST (method matched
# case-insensitively) whose raw request headers contain "Cookie: cid=" followed
# immediately by exactly four digits and a CR at end of line.
# pcre flags: R = start where the previous content match ended, D = raw header
# buffer, m = multiline, so ^ and $ apply per header line.
# The negated content skips requests whose headers contain "mowersdirect.com\r\n";
# presumably a false-positive exclusion for that site -- the page does not say.
# NOTE(review): "Cookie: cid=" is not anchored to the start of a header line, and
# the msg itself reads "ZeuS?"; treat a hit as a lead to corroborate with other
# host or network evidence, not as confirmation of infection.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN ZeuS? - ICE-IX cid= in cookie"; flow:established,to_server; content:"POST"; nocase; http_method; content:"Cookie|3a| cid="; http_raw_header; pcre:"/^\d{4}\r$/RDm"; content:!"mowersdirect.com|0d 0a|"; http_header; classtype:trojan-activity; sid:2014198; rev:13;)

Added 2016-11-01 18:45:10 UTC


# sid 2014198 rev 13 (same rule text, recorded with an earlier timestamp):
# outbound HTTP POST on an established client-to-server flow, raw headers
# containing "Cookie: cid=" followed immediately by exactly four digits and a CR
# at end of line (pcre R = relative to the previous match, D = raw header buffer,
# m = multiline).
# Requests whose headers contain "mowersdirect.com\r\n" are excluded by the
# negated content; presumably a false-positive carve-out -- not stated on the page.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN ZeuS? - ICE-IX cid= in cookie"; flow:established,to_server; content:"POST"; nocase; http_method; content:"Cookie|3a| cid="; http_raw_header; pcre:"/^\d{4}\r$/RDm"; content:!"mowersdirect.com|0d 0a|"; http_header; classtype:trojan-activity; sid:2014198; rev:13;)

Added 2016-11-01 18:39:19 UTC


# sid 2014198 rev 6: raw-TCP form of the signature. Requires an established
# client-to-server flow, "POST " (case-insensitive) within the first 5 payload
# bytes, and "\r\nCookie: cid=" followed immediately by exactly four digits and
# a CR at end of line (pcre R = relative to the previous match, m = multiline).
# The destination port range "1024:" restricts this to ports 1024 and above, so
# the same request sent to a lower port such as 80 does not alert here.
alert tcp $HOME_NET any -> $EXTERNAL_NET 1024: (msg:"ET TROJAN ZeuS? - ICE-IX cid= in cookie"; flow:established,to_server; content:"POST "; nocase; depth:5; content:"|0D 0A|Cookie|3a| cid="; pcre:"/^\d{4}\r$/Rm"; classtype:trojan-activity; sid:2014198; rev:6;)

Added 2012-06-08 00:57:54 UTC


# sid 2014198 rev 5: established client-to-server TCP flow to destination ports
# 1024 and above, "POST " (case-insensitive) within the first 5 payload bytes,
# and "\r\nCookie: cid=" somewhere in the payload.
# The pcre /cid=\d\d\d\d/ has no anchors and no relative flag: it can match any
# "cid=" followed by four digits anywhere in the inspected data, and is also
# satisfied by values longer than four digits, so it is looser than a check for
# an exactly-four-digit cookie value.
alert tcp $HOME_NET any -> $EXTERNAL_NET 1024: (msg:"ET TROJAN ZeuS? - ICE-IX cid= in cookie"; flow:established,to_server; content:"POST "; nocase; depth:5; content:"|0D 0A|Cookie|3a| cid="; pcre:"/cid=\d\d\d\d/"; classtype:trojan-activity; sid:2014198; rev:5;)

Added 2012-03-27 00:27:10 UTC


# sid 2014198 rev 4: established client-to-server TCP flow to destination ports
# 1024 and above, with "POST " in the first 5 payload bytes. There is no nocase
# on that content, so the method must be upper-case exactly as written.
# Also requires "\r\nCookie: cid=" in the payload and the unanchored pcre
# /cid=\d\d\d\d/, which matches "cid=" plus four digits anywhere in the
# inspected data and does not reject longer digit runs.
alert tcp $HOME_NET any -> $EXTERNAL_NET 1024: (msg:"ET TROJAN ZeuS? - ICE-IX cid= in cookie"; flow:established,to_server; content:"POST "; depth:5; content:"|0D 0A|Cookie|3a| cid="; pcre:"/cid=\d\d\d\d/"; classtype:trojan-activity; sid:2014198; rev:4;)

Added 2012-03-01 14:34:53 UTC


# sid 2014198 rev 3: TCP to destination ports 1024 and above; "POST" is checked
# against the HTTP method buffer, while the "\r\nCookie: cid=" content carries no
# HTTP buffer modifier. The unanchored pcre /cid=\d\d\d\d/ requires four digits
# after some "cid=" in the inspected data and does not reject longer digit runs.
# No flow keyword is present, so neither session state nor direction is
# constrained beyond the $HOME_NET -> $EXTERNAL_NET header.
alert tcp $HOME_NET any -> $EXTERNAL_NET 1024: (msg:"ET TROJAN ZeuS? - ICE-IX cid= in cookie"; content:"POST"; http_method; content:"|0D 0A|Cookie|3a| cid="; pcre:"/cid=\d\d\d\d/"; classtype:trojan-activity; sid:2014198; rev:3;)

Added 2012-02-08 20:36:41 UTC


# sid 2014198 rev 2: earliest revision on this page. TCP to destination ports
# 1024 and above; "POST" is checked against the HTTP method buffer and the
# payload must contain "\r\nCookie: cid=".
# There is no pcre and no flow keyword: any value after "cid=" matches, so this
# form alerts on every POST whose Cookie header begins with a cid cookie,
# whatever its length or content.
alert tcp $HOME_NET any -> $EXTERNAL_NET 1024: (msg:"ET TROJAN ZeuS? - ICE-IX cid= in cookie"; content:"POST"; http_method; content:"|0D 0A|Cookie|3a| cid="; classtype:trojan-activity; sid:2014198; rev:2;)

Added 2012-02-06 22:00:17 UTC

