Versions (3)
Version DetailsCurrent
Rev: 11 • Dec 1, 2011, 12:00 PMET MALWARE Zeus POST Request to CnC - URL agnostic
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MALWARE Zeus POST Request to CnC - URL agnostic"; flow:established,to_server; http.method; content:"POST"; http.header; content:"Accept|3a 20|*/*|0d 0a|User-Agent|3a 20|Mozilla"; fast_pattern; startswith; content:"|3a 20|no-cache"; http.connection; content:"Keep-Alive"; http.header_names; content:!"|0d 0a|Content-Type|0d 0a|"; content:"|0d 0a|Accept|0d 0a|User-Agent|0d 0a|"; startswith; content:"|0d 0a|Content-Length|0d 0a|"; distance:0; content:"|0d 0a|Connection|0d 0a|"; reference:url,www.secureworks.com/research/threats/zeus/?threat=zeus; reference:url,lists.emergingthreats.net/pipermail/emerging-sigs/2010-October/009807.html; classtype:command-and-control; sid:2013976; rev:11; metadata:created_at 2011_12_01, signature_severity Major, updated_at 2024_02_20;)
Dec 1, 2011, 12:00 PM
Feb 20, 2024, 12:00 PM
Sep 21, 2024, 3:00 AM
May 30, 2025, 12:04 AM
rules/emerging-malware.rules