alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN MSIL/KeyRedirEx Banker Requesting Redirect/Inject List"; flow:established,to_server; content:"GET"; http_method; content:"/red/info.php"; http_uri; depth:13; fast_pattern; isdataat:!1,relative; http_header_names; content:!"Referer"; content:!"Accept"; content:!"User-Agent"; content:"Host|0d 0a|Connection|0d 0a 0d 0a|"; metadata: former_category TROJAN; reference:md5,ec33cc6cb625197587410840bce5983b; reference:url,otx.alienvault.com/pulse/5bd339328f32ad2db2e03f1a; classtype:trojan-activity; sid:2026562; rev:1; metadata:affected_product Windows_XP_Vista_7_8_10_Server_32_64_Bit, attack_target Client_Endpoint, deployment Perimeter, tag Banker, signature_severity Major, created_at 2018_10_29, malware_family KeyRedirEx?, performance_impact Low, updated_at 2018_10_29;)

Added 2018-10-29 18:07:10 UTC


Topic revision: r1 - 2018-10-29 - TWikiGuest
 
This site is powered by the TWiki collaboration platform Powered by Perl This site is powered by the TWiki collaboration platformCopyright © Emerging Threats