[Emerging-Sigs] SIG: ET CURRENT_EVENTS W32/Zbot Download Invoice Spam Campaign 10th Sep 2014

Kevin Ross kevross33 at googlemail.com
Thu Sep 11 05:42:42 EDT 2014


alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET CURRENT_EVENTS W32/Zbot Download Invoice Spam Campaign 10th Sep 2014"; flow:established,to_server; content:"/Invoice_"; nocase; http_uri; depth:9; content:".exe"; http_uri; pcre:"/^\x2FInvoice\x5F\d{5,}\x2Eexe$/Ui"; classtype:trojan-activity; reference:md5,bdf12366779ce94178c2d1e495565d2b; sid:1239991; rev:1;)


Kind Regards,
Kevin Ross
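
Added example (not part of the original post and not Emerging Threats code): a Python approximation of the rule's three http_uri checks, run over constructed request URIs to show which requests would alert and which would not. The function names, the sample URIs and the use of unquote() in place of the sensor's URI normalization are assumptions.

```python
import re
from urllib.parse import unquote

# PCRE copied from the rule. /i becomes re.IGNORECASE; /U means the match
# runs against the normalized URI buffer. re.ASCII keeps \d to 0-9.
URI_PCRE = re.compile(r"^\x2FInvoice\x5F\d{5,}\x2Eexe$", re.IGNORECASE | re.ASCII)


def rule_matches(raw_uri: str) -> bool:
    """Approximate the rule's http_uri checks for one request URI."""
    # Assumption: unquote() stands in for the sensor's URI normalization.
    uri = unquote(raw_uri)
    # content:"/Invoice_"; nocase; http_uri; depth:9;
    # The 9-byte pattern must sit inside the first 9 bytes of the URI.
    if "/invoice_" not in uri[:9].lower():
        return False
    # content:".exe"; http_uri;  (no nocase, so this check is case-sensitive)
    if ".exe" not in uri:
        return False
    # pcre:"/^\x2FInvoice\x5F\d{5,}\x2Eexe$/Ui"
    return URI_PCRE.search(uri) is not None


# Constructed sample URIs (not taken from the campaign).
SAMPLES = [
    "/Invoice_12345.exe",        # baseline form the rule targets
    "/invoice_0098765.exe",      # lower-case prefix, more than five digits
    "/Invoice%5F12345.exe",      # percent-encoded underscore, decoded first
    "/Invoice_12345.EXE",        # upper-case extension fails the second content
    "/Invoice_1234.exe",         # only four digits, fails \d{5,}
    "/Invoice_12345.exe?id=1",   # query string defeats the $ anchor
    "/files/Invoice_12345.exe",  # prefix falls outside depth:9
]


def coverage(uris):
    """Map each URI to True (would alert) or False (would not)."""
    return {u: rule_matches(u) for u in uris}


if __name__ == "__main__":
    for uri, hit in coverage(SAMPLES).items():
        print(f"{'ALERT' if hit else 'miss ':5}  {uri}")
```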