Added 2012-07-06 00:28:40 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN Unknown Banking Trojan POST to C&C"; flow:established,to_server; content:"User-Agent|3a 20|Mozilla/5.0|20|(Windows|3b 20|U|3b 20|MSIE|20|7"; http_header; fast_pattern:23,20; content:"POST"; http_method; content:!"Accept-"; http_header; classtype:trojan-activity; sid:2015029; rev:3;)

Added 2012-07-05 23:49:44 UTC


Topic revision: r1 - 2012-07-06 - TWikiGuest
 
This site is powered by the TWiki collaboration platform Powered by Perl This site is powered by the TWiki collaboration platformCopyright © Emerging Threats