ET MALWARE Taidoor Checkin
Sourceet/open
Fileemerging-malware.rules
CreatedNovember 14, 2013
UpdatedApril 7, 2024
Classificationcommand-and-control
alert http1 $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MALWARE Taidoor Checkin"; flow:established,to_server ; http.uri; content:".jsp?"; fast_pattern; pcre:"/^[a-z]{2}\x3d[a-z0-9]+?[A-F0-9]+?$/R"; http.host; content:!"reg.163.com"; http.header_names; content:!"|0d 0a|Referer|0d 0a|"; content:!"|0d 0a|Accept"; content:"|0d 0a|User-Agent|0d 0a|"; startswith; reference:url,fireeye.com/blog/technical/cyber-exploits/2013/11/exploit-proliferation-additional-threat-groups-acquire-cve-2013-3906.html ; reference:md5,17f9f999e1814b99601446f8ce7eb816 ; classtype:command-and-control; sid:2017713; rev:12; metadata:created_at 2013_11_14, deprecation_reason Age, signature_severity Major, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2024_04_07, reviewed_at 2024_02_08;)
References
| url | fireeye.com/blog/technical/cyber-exploits/2013/11/exploit-proliferation-additional-threat-groups-acquire-cve-2013-3906.html |
| md5 | 17f9f999e1814b99601446f8ce7eb816 |
Metadata
created at2013_11_14
deprecation reasonAge
signature severityMajor
tagDescription_Generated_By_Proofpoint_Nexus
updated at2024_04_07
reviewed at2024_02_08
Comments (0)
Please sign in to leave a comment.
Sign inNo comments yet. Be the first to comment!