ET MALWARE Win32/Sisproc Variant POST to CnC Server

7.0.35.0SID: 2013342Rev: 6Enabled0 views
Sourceet/open
Fileemerging-malware.rules
CreatedAugust 2, 2011
UpdatedApril 12, 2024
Classificationcommand-and-control
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MALWARE Win32/Sisproc Variant POST to CnC Server"; flow:established,to_server; http.method; content:"POST"; nocase; http.uri; content:"/GetGrid.asp"; fast_pattern; http.request_body; content:"SN="; startswith; content:"&SP="; distance:0; reference:url,www.sunbeltsecurity.com/partnerresources/cwsandbox/md5.aspx?id=04dc87d4dcf12f9c05a22ab9890a6323; reference:url,www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Trojan%3AWin32%2FSisproc&ThreatID=-2147342628; classtype:command-and-control; sid:2013342; rev:6; metadata:created_at 2011_08_02, malware_family Win32_Sisproc, signature_severity Major, updated_at 2024_04_12;)

Metadata

created at2011_08_02
malware familyWin32_Sisproc
signature severityMajor
updated at2024_04_12

Comments (0)

Please sign in to leave a comment.
Sign in

No comments yet. Be the first to comment!