ET DELETED Possible Zeus Version 3 Infection Posting Banking HTTP Log to Command and Control Server

SID: 2011345Rev: 51 viewsHistory

Sourceet/open

CreatedSeptember 28, 2010

UpdatedJuly 26, 2019

Classificationtrojan-activity

alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET DELETED Possible Zeus Version 3 Infection Posting Banking HTTP Log to Command and Control Server"; flow:established,to_server; content:"GET"; nocase; http_method; content:"/get_dr.php?"; http_uri; nocase; content:"https|3A|//"; nocase; pcre:"/\x2Fget\x5Fdr\x2Ephp\x3F(e|ini)\x3D/Ui"; reference:url,www.m86security.com/labs/i/Customers-of-Global-Financial-Institution-Hit-by-Cybercrime,trace.1431~.asp; reference:url,www.m86security.com/documents/pdfs/security_labs/cybercriminals_target_online_banking.pdf; classtype:trojan-activity; sid:2011345; rev:5; metadata:created_at 2010_09_28, signature_severity Unknown, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2019_07_26;)

References

url	www.m86security.com/labs/i/Customers-of-Global-Financial-Institution-Hit-by-Cybercrime
url	www.m86security.com/documents/pdfs/security_labs/cybercriminals_target_online_banking.pdf

Metadata

created at2010_09_28

signature severityUnknown

tagDescription_Generated_By_Proofpoint_Nexus

updated at2019_07_26

Comments (0)

Please sign in to leave a comment.

No comments yet. Be the first to comment!