ET MALWARE Trojan/W32.KRBanker.60928.C Checkin
Sourceet/open
Fileemerging-malware.rules
CreatedDecember 1, 2014
UpdatedApril 7, 2024
Classificationcommand-and-control
alert http1 $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MALWARE Trojan/W32.KRBanker.60928.C Checkin"; flow:established,to_server ; http.method; content:"POST"; nocase; http.uri; content:"/upload.php"; http.header; content:"|0d 0a|Accept-Language|3a 20|zh-cn|0d 0a|"; http.user_agent; bsize:50; content:"Mozilla/4.0 (compatible|3b 20|MSIE 6.0|3b 20|Windows NT 5.0)"; http.request_body; content:"name=|22|upload_file1|22 3b 20|"; fast_pattern; content:".zip|22 0d 0a|"; content:"Content-Type|3a 20|application/x-zip-compressed|0d 0a|"; pcre:"/filename=\x22[A-Z]\x3a\\.+?\\[a-f0-9]{32}\.zip\x22\r\n/"; reference:md5,ec5d7bc9d84551066fff51e36bc41d4d ; reference:md5,13bd584bb12ee5dc15c35f5911912b09 ; classtype:command-and-control; sid:2019828; rev:8; metadata:created_at 2014_12_01, signature_severity Major, updated_at 2024_04_07;)
References
| md5 | ec5d7bc9d84551066fff51e36bc41d4d |
| md5 | 13bd584bb12ee5dc15c35f5911912b09 |
Metadata
created at2014_12_01
signature severityMajor
updated at2024_04_07
Comments (0)
Please sign in to leave a comment.
Sign inNo comments yet. Be the first to comment!