ET MALWARE Backdoor.Win32.Popwin Checkin
Sourceet/open
Fileemerging-malware.rules
CreatedFebruary 15, 2014
UpdatedMay 2, 2024
Classificationcommand-and-control
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MALWARE Backdoor.Win32.Popwin Checkin"; flow:established,to_server ; http.uri; content:"/soft/xiaomi"; fast_pattern; content:".asp"; distance:0; http.user_agent; content:"API-Guide test program"; startswith; http.header_names; to_lowercase; content:!"|0d 0a|referer|0d 0a|"; content:!"|0d 0a|accept|0d 0a|"; reference:md5,dd762c69049fbd00c22f70f109baa26e ; classtype:command-and-control; sid:2018143; rev:11; metadata:created_at 2014_02_15, signature_severity Major, updated_at 2024_05_02;)
References
| md5 | dd762c69049fbd00c22f70f109baa26e |
Metadata
created at2014_02_15
signature severityMajor
updated at2024_05_02
Comments (0)
Please sign in to leave a comment.
Sign inNo comments yet. Be the first to comment!