Rule History

alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MALWARE DLoader PWS Module Data Upload Activity"; flow:established,to_server; content:"/grabbers.php"; http_uri; content:"logs="; content:"&module=grabbers"; distance:0; reference:md5,12554e7f2e78daf26e73a2f92d01e7a7; reference:url,about-threats.trendmicro.com/malware.aspx?language=us&name=TROJ_VBKRYPT.CB; reference:md5,3310259795b787210dd6825e7b6d6d28; reference:url,www.f-secure.com/v-descs/trojan-downloader_w32_kdv176347.shtml; reference:md5,7af2097d75869aa5aa656cd6e523c8b3; classtype:trojan-activity; sid:2013046; rev:3; metadata:created_at 2011_06_16, signature_severity Major, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2019_07_26;)