ET MALWARE Infostealer.Banprox Proxy.pac Download
Source: et/open
Created: February 28, 2012
Updated: June 16, 2022
Classification: trojan-activity
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET MALWARE Infostealer.Banprox Proxy.pac Download"; flow:from_server,established; http.header; content:!"ztunnelversion|3a 20|"; file_data; content:"FindProxyForURL"; fast_pattern; distance:0; content:"|22|PROXY"; distance:0; content:!"trust.zscaler.com"; pcre:"/(?:www\.(?:(?:b(?:an(?:co(?:dobrasil|hsbc)|espa)|radesco(?:prime)?|b)|hsbc(?:pr(?:ivatebank|emier)|ba(?:merindus|nk))?|s(?:antander(?:banespa|net)?|erasa(?:experian)?)|uolhost)\.com\.br|c(?:(?:aixa(?:(?:economica(?:federal)?|qui)\.gov|\.(?:com|gov))|onsultasintegradas\.rs\.gov|ef\.(?:com|gov))\.br|redicard\.com(?:\.br)?)|itau(?:p(?:ersonnalite|rivatebank)|uniclass)?\.com\.br,|ame(?:ricanexpress\.com(?:\.br)?|x\.com\.br))|(?:(?:b(?:an(?:co(?:dobrasil|hsbc)|risul)|radesco(?:prime)?|b)|hsbc(?:pr(?:ivatebank|emier)|ba(?:merindus|nk))?|s(?:erasa(?:experian)?|antander)|uolhost)\.com|c(?:aixa(?:(?:economica(?:federal)?|qui)\.gov|\.(?:com|gov))|onsultasintegradas\.rs\.gov|ef\.(?:com|gov)|redicard\.com))\.br|itau(?:(?:p(?:ersonnalite|rivatebank)|uniclass)\.com\.br|\.com\.br,)|ame(?:ricanexpress.com(?:\.br)?|x\.com\.br)|\*(?:linhadefensiva*|hsbc*))/"; reference:md5,3baae632d2476cbd3646c5e1b245d9be; reference:md5,ace343a70fbd26e79358db4c27de73db; classtype:trojan-activity; sid:2014435; rev:17; metadata:created_at 2012_02_28, deprecation_reason False_Positive, signature_severity Major, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2022_06_16;)
References
| md5 | 3baae632d2476cbd3646c5e1b245d9be |
| md5 | ace343a70fbd26e79358db4c27de73db |
Metadata
| created at | 2012_02_28 |
| deprecation reason | False_Positive |
| signature severity | Major |
| tag | Description_Generated_By_Proofpoint_Nexus |
| updated at | 2022_06_16 |