ET MALWARE Zberp/ZeusVM receiving config via image file (steganography) 2

7.0.35.0SID: 2021383Rev: 4Enabled1 views
Sourceet/open
Fileemerging-malware.rules
CreatedJuly 6, 2015
UpdatedMarch 14, 2024
Classificationtrojan-activity
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET MALWARE Zberp/ZeusVM receiving config via image file (steganography) 2"; flow:established,to_client; flowbits:isset,ET.Zberp; file.data; content:"0103F|00|"; distance:0; content:"|ff fe|"; distance:-10; within:2; byte_test:2,>,100,0,relative,little; byte_extract:2,0,config_len,relative,little; content:!"|00|"; distance:6; within:config_len; pcre:"/^0103F\x00[^\x00]+(\xff\xd9)?$/R"; reference:md5,7ba76b0ec1249b19a46e1603e5ab0a90; reference:url,blog.malwarebytes.org/security-threat/2014/02/hiding-in-plain-sight-a-story-about-a-sneaky-banking-trojan/; classtype:trojan-activity; sid:2021383; rev:4; metadata:created_at 2015_07_06, signature_severity Major, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2024_03_14;)

Metadata

created at2015_07_06
signature severityMajor
tagDescription_Generated_By_Proofpoint_Nexus
updated at2024_03_14

Comments (0)

Please sign in to leave a comment.
Sign in

No comments yet. Be the first to comment!