ET MALWARE FakeAV checkin
Sourceet/open
Fileemerging-malware.rules
CreatedDecember 22, 2012
UpdatedApril 14, 2024
Classificationcommand-and-control
alert http1 $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MALWARE FakeAV checkin"; flow:established,to_server ; http.user_agent; content:"Mozilla/5.0 (compatible|3b 20|MSIE 9.0|3b 20|Windows NT 7.1|3b 20|Trident/5.0)"; fast_pattern; http.header_names; content:"|0d 0a|User-Agent|0d 0a|Host|0d 0a|"; startswith; content:!"Accept"; reference:md5,dd4d18c07e93c34d082dab57a38f1b86 ; reference:md5,5a864ccfeee9c0c893cfdc35dd8820a6 ; classtype:command-and-control; sid:2016089; rev:8; metadata:created_at 2012_12_22, signature_severity Major, updated_at 2024_04_14;)
References
| md5 | dd4d18c07e93c34d082dab57a38f1b86 |
| md5 | 5a864ccfeee9c0c893cfdc35dd8820a6 |
Metadata
created at2012_12_22
signature severityMajor
updated at2024_04_14
Comments (0)
Please sign in to leave a comment.
Sign inNo comments yet. Be the first to comment!