The input sample is signed with a certificate issued by "CN=Symantec Time Stamping Services CA - G2, O=Symantec Corporation, C=US" (SHA1: 65:43:99:29:B6:79:73:EB:19:2D:6F:F2:43:E6:76:7A:DF:08:34:E4 see report for more information) The input sample is signed with a certificate issued by "CN=Thawte Timestamping CA, OU=Thawte Certification, O=Thawte, L=Durbanville, ST=Western Cape, C=ZA" (SHA1: 6C:07:45:3F:FD:DA:08:B8:37:07:C0:9B:82:FB:3D:15:F3:53:36:B1 see report for more information) "condition:match("webscr&cmd=_login-submit", HTML::Url, REGEX_INSENSITIVE) " (Indicator: "cmd=") "condition:match("cmd=_login-run", Url::Params, REGEX_INSENSITIVE) " (Indicator: "cmd=") "/http/filter/rbl/DnsServers=127.0.0.0/http/filter/rbl/DnsServersIni = 127.0.0.0/http/filter/rbl/DnsServersIni2011 = 127.0.0.0/http/filter/rbl/RblServers = /http/filter/rbl/RblServers2011 = /http/filter/rbl/RblQueryZone = ph/http/filter/rbl/RblReportZone = report/http/filter/rbl/RblReportFPZone = fp/http/filter/rbl/RblReportCatchZone = catch2/http/filter/rbl/RblReportPCCatchZone = pc/http/filter/fuzzy/IsPhishing = 1/http/filter/summary/IsPhishing = 1/http/dispatcher/RunAllAphFilters = 0/http/filter/phsign/RunAllSignatures = 0/http/filter/spoof/Threshold = 65/http/filter/cloud/FiprAskFrequency = 1/http/filter/cloud/ReportTimeout = 2000 /http/filter/rbl/CloudReportUrl = /http/streamer/MaxBufSize = 300000 /http/filter/signatures/LoadXlfSignatures=0" (Indicator: "servers=")
0 Comments
Leave a Reply. |
Details
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |