ET MALWARE Win32/Cridex Checkin

7.0.35.0SID: 2017305Rev: 9Enabled2 views
Sourceet/open
Fileemerging-malware.rules
CreatedAugust 9, 2013
UpdatedApril 14, 2024
Classificationcommand-and-control
alert http1 $HOME_NET any -> $EXTERNAL_NET 8080 (msg:"ET MALWARE Win32/Cridex Checkin"; flow:established,to_server; http.method; content:"POST"; http.uri; pcre:"/^\/(?:[a-z0-9+]+?\/){3}$/i"; http.header; content:"Accept|3a 20|*/*|0d 0a|Host|3a 20|"; startswith; content:"Cache-Control|3a 20|no-cache"; distance:0; http.host.raw; pcre:"/^\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}\x3a8080$/"; http.connection; bsize:10; content:"Keep-Alive"; http.content_len; byte_test:0,>,99,0,string,dec; byte_test:0,<,1000,0,string,dec; http.header_names; content:"|0d 0a|Accept|0d 0a|Host|0d 0a|Content-Length|0d 0a|Connection|0d 0a|Cache-Control|0d 0a 0d 0a|"; fast_pattern; startswith; reference:md5,94e496decf90c4ba2fb3e7113a081726; classtype:command-and-control; sid:2017305; rev:9; metadata:created_at 2013_08_09, malware_family Win32_Cridex, signature_severity Major, updated_at 2024_04_14;)

References

md5
94e496decf90c4ba2fb3e7113a081726

Metadata

created at2013_08_09
malware familyWin32_Cridex
signature severityMajor
updated at2024_04_14

Comments (0)

Please sign in to leave a comment.
Sign in

No comments yet. Be the first to comment!