ET MALWARE StealRat Checkin
Sourceet/open
Fileemerging-malware.rules
CreatedAugust 1, 2013
UpdatedApril 20, 2024
Classificationcommand-and-control
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MALWARE StealRat Checkin"; flow:established,to_server ; http.uri; content:"/d/"; startswith; fast_pattern; content:".jpg"; endswith; pcre:"/^\/d\/[a-z]+\d+\.jpg$/"; http.header_names; to_lowercase; content:!"|0d 0a|referer|0d 0a|"; http.host; bsize:14; content:"www.google.com"; classtype:command-and-control; sid:2017263; rev:7; metadata:created_at 2013_08_01, deprecation_reason Age, signature_severity Major, updated_at 2024_04_20, reviewed_at 2024_02_08;)
Metadata
created at2013_08_01
deprecation reasonAge
signature severityMajor
updated at2024_04_20
reviewed at2024_02_08
Comments (0)
Please sign in to leave a comment.
Sign inNo comments yet. Be the first to comment!