ET MALWARE Zberp/ZeusVM receiving config via image file (steganography) 3

SID: 2021527Rev: 50 views
History
Sourceet/open
CreatedJuly 23, 2015
UpdatedJuly 26, 2019
Classificationtrojan-activity
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET MALWARE Zberp/ZeusVM receiving config via image file (steganography) 3"; flow:from_server,established; flowbits:isset,ET.Zberp; file_data; content:"0103F|00|"; distance:0; content:"|ff fe ff ff|"; distance:-10; within:4; pcre:"/^0103F\x00[^\x00]+(\xff\xd9)?$/R"; reference:md5,7ba76b0ec1249b19a46e1603e5ab0a90; reference:url,blog.malwarebytes.org/security-threat/2014/02/hiding-in-plain-sight-a-story-about-a-sneaky-banking-trojan/; classtype:trojan-activity; sid:2021527; rev:5; metadata:created_at 2015_07_23, signature_severity Major, updated_at 2019_07_26;)

References

md5
7ba76b0ec1249b19a46e1603e5ab0a90
Google SearchBrave Search
urlblog.malwarebytes.org/security-threat/2014/02/hiding-in-plain-sight-a-story-about-a-sneaky-banking-trojan/

Metadata

created at2015_07_23
signature severityMajor
updated at2019_07_26

Comments (0)

Please sign in to leave a comment.
Sign in

No comments yet. Be the first to comment!