ET MALWARE Proxy.Win32.Fackemo.g/Katusha/FakeAlert Checkin
Sourceet/open
Fileemerging-malware.rules
CreatedJuly 30, 2010
UpdatedMarch 16, 2024
Classificationcommand-and-control
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MALWARE Proxy.Win32.Fackemo.g/Katusha/FakeAlert Checkin"; flow:established,to_server ; http.method; content:"POST"; http.uri; content:"magic="; fast_pattern; content:"&id="; content:"&cache="; content:"&tm="; content:"&ox="; http.user_agent; content:!"Mozilla"; reference:md5,29457bd7a95e11bfd0e614a6e237a344 ; reference:md5,173a060ed791e620c2ec84d7b360ed60 ; reference:url,www.bugbopper.com/NameLookup.asp?Name=Packed_Win32_TDSS_o ; classtype:command-and-control; sid:2008523; rev:9; metadata:created_at 2010_07_30, signature_severity Major, updated_at 2024_03_16;)
References
| md5 | 29457bd7a95e11bfd0e614a6e237a344 |
| md5 | 173a060ed791e620c2ec84d7b360ed60 |
| url | www.bugbopper.com/NameLookup.asp?Name=Packed_Win32_TDSS_o |
Metadata
created at2010_07_30
signature severityMajor
updated at2024_03_16
Comments (0)
Please sign in to leave a comment.
Sign inNo comments yet. Be the first to comment!