ET MALWARE Win32/Sisproc Variant POST to CnC Server
Sourceet/open
Fileemerging-malware.rules
CreatedAugust 2, 2011
UpdatedApril 12, 2024
Classificationcommand-and-control
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MALWARE Win32/Sisproc Variant POST to CnC Server"; flow:established,to_server ; http.method; content:"POST"; nocase; http.uri; content:"/GetGrid.asp"; fast_pattern; http.request_body; content:"SN="; startswith; content:"&SP="; distance:0; reference:url,www.sunbeltsecurity.com/partnerresources/cwsandbox/md5.aspx?id=04dc87d4dcf12f9c05a22ab9890a6323 ; reference:url,www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Trojan%3AWin32%2FSisproc&ThreatID=-2147342628 ; classtype:command-and-control; sid:2013342; rev:6; metadata:created_at 2011_08_02, malware_family Win32_Sisproc, signature_severity Major, updated_at 2024_04_12;)
References
Metadata
created at2011_08_02
malware familyWin32_Sisproc
signature severityMajor
updated at2024_04_12
Comments (0)
Please sign in to leave a comment.
Sign inNo comments yet. Be the first to comment!