# sid 2015028, rev 5: alerts on an outbound HTTP POST whose client-to-server payload contains
# CRLF CRLF followed by the bytes DE AD BE EF, and whose URI contains no "." character.
# - Header "alert http ... any -> ... any": matching is tied to HTTP as identified by the engine,
#   not to a port list (rev 4 on this page used "alert tcp" with $HTTP_PORTS). "http" as the
#   header protocol is Suricata rule syntax.
# - The 8-byte content has no buffer modifier and no depth/offset/distance, so it is searched in
#   the raw payload and matches wherever that sequence occurs, not only at the header/body boundary.
# - content:!"."; http_uri is the only added condition relative to rev 4: any POST whose URI
#   contains a dot (e.g. a path with a file extension) will not alert.
# - NOTE(review): the "?" in msg presumably signals low confidence; corroborate an alert with the
#   destination and host-side evidence before treating it as a confirmed infection.
# The same rev 5 text appears twice on this page with different "Added" timestamps.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Cridex Post to CnC?"; flow:established,to_server; content:"|0d 0a 0d 0a de ad be ef|"; content:"POST"; http_method; content:!"."; http_uri; reference:url,vrt-blog.snort.org/2012/07/banking-trojan-spread-via-ups-phish.html; reference:url,www.virustotal.com/file/00bf5b6f32b6a8223b8e55055800ef7870f8acaed334cb12484e44489b2ace24/analysis/; reference:url,www.packetninjas.net; classtype:trojan-activity; sid:2015028; rev:5;)

Added 2016-11-01 18:45:10 UTC


# sid 2015028, rev 5 (second listing; the rule text is identical to the other rev 5 entry on this
# page, only the "Added" timestamp differs).
# Conditions, all of which must hold on an established client-to-server flow:
#   1. raw payload contains CRLF CRLF immediately followed by DE AD BE EF (no position limit),
#   2. HTTP method is POST,
#   3. the HTTP URI contains no "." character (negated content on http_uri).
# "alert http" with "any" ports makes the rule port-independent; it relies on the engine
# recognising the session as HTTP (Suricata header syntax).
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Cridex Post to CnC?"; flow:established,to_server; content:"|0d 0a 0d 0a de ad be ef|"; content:"POST"; http_method; content:!"."; http_uri; reference:url,vrt-blog.snort.org/2012/07/banking-trojan-spread-via-ups-phish.html; reference:url,www.virustotal.com/file/00bf5b6f32b6a8223b8e55055800ef7870f8acaed334cb12484e44489b2ace24/analysis/; reference:url,www.packetninjas.net; classtype:trojan-activity; sid:2015028; rev:5;)

Added 2016-11-01 18:39:19 UTC


# sid 2015028, rev 4: outbound POST containing CRLF CRLF + DE AD BE EF, on TCP to $HTTP_PORTS.
# - Differs from rev 3 on this page only in that fast_pattern:only has been dropped from the
#   8-byte content.
# - Coverage caveat: the header restricts the rule to destination ports in $HTTP_PORTS, so the
#   same traffic sent to a port outside that variable is not inspected by this revision.
# - There is no URI condition here; method POST plus the byte sequence anywhere in the
#   client-to-server payload is sufficient to alert.
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN Cridex Post to CnC?"; flow:established,to_server; content:"|0d 0a 0d 0a de ad be ef|"; content:"POST"; http_method; reference:url,vrt-blog.snort.org/2012/07/banking-trojan-spread-via-ups-phish.html; reference:url,www.virustotal.com/file/00bf5b6f32b6a8223b8e55055800ef7870f8acaed334cb12484e44489b2ace24/analysis/; reference:url,www.packetninjas.net; classtype:trojan-activity; sid:2015028; rev:4;)

Added 2012-08-17 16:40:59 UTC


# sid 2015028, rev 3: outbound POST containing CRLF CRLF + DE AD BE EF, on TCP to $HTTP_PORTS.
# - Relative to rev 1 on this page: msg renamed to "Cridex Post to CnC?", the Cache-Control
#   header condition removed (a broader match), and the VirusTotal and packetninjas references
#   added. Rev 2 is not listed on this page.
# - fast_pattern:only marks the 8-byte content as the pattern handed to the multi-pattern
#   prefilter; with ":only" the engine does not re-evaluate it as a separate content check.
# - Limited to destination ports in $HTTP_PORTS.
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN Cridex Post to CnC?"; flow:established,to_server; content:"|0d 0a 0d 0a de ad be ef|"; fast_pattern:only; content:"POST"; http_method; reference:url,vrt-blog.snort.org/2012/07/banking-trojan-spread-via-ups-phish.html; reference:url,www.virustotal.com/file/00bf5b6f32b6a8223b8e55055800ef7870f8acaed334cb12484e44489b2ace24/analysis/; reference:url,www.packetninjas.net; classtype:trojan-activity; sid:2015028; rev:3;)

Added 2012-08-16 16:40:01 UTC


# sid 2015028, rev 1 (oldest revision on this page): generic name, not yet attributed to Cridex.
# Conditions on an established client-to-server flow to $HTTP_PORTS:
#   1. payload contains CRLF CRLF immediately followed by DE AD BE EF (fast_pattern:only),
#   2. HTTP method is POST,
#   3. the HTTP headers contain "Cache-Control: " ("|3a 20|" is the colon and space).
# Condition 3 is the narrowest of the listed revisions' extra checks; a request without a
# Cache-Control header does not alert here. Only the vrt-blog reference is attached.
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN 0d0a0d0aDEADBEEF in HTTP POST with Cache-Control to C&C"; flow:established,to_server; content:"|0d 0a 0d 0a de ad be ef|"; fast_pattern:only; content:"POST"; http_method; content:"Cache-Control|3a 20|"; http_header; reference:url,vrt-blog.snort.org/2012/07/banking-trojan-spread-via-ups-phish.html; classtype:trojan-activity; sid:2015028; rev:1;)

Added 2012-07-05 23:49:44 UTC

