Rule History

alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MALWARE Win32/Spy.Banker.AAXV Retrieving key from Pinterest"; flow:established,to_server; http.method; content:"GET"; http.uri; content:"/pin/"; startswith; http.user_agent; bsize:21; content:"Internet Explorer 6.0"; fast_pattern; http.header_names; content:!"|0d 0a|Accept"; content:!"|0d 0a|Connection|0d 0a|"; content:!"|0d 0a|Referer|0d 0a|"; reference:md5,f25a8e3f5265a57269590b84a506b672; reference:url,blog.trendmicro.com/trendlabs-security-intelligence/malware-campaign-targets-south-korean-banks-uses-pinterest-as-cc-channel/; classtype:trojan-activity; sid:2019961; rev:5; metadata:created_at 2014_12_18, malware_family Win32_Spy_Banker_AAXV, signature_severity Major, updated_at 2024_03_10;)