ET MALWARE CryptoWall Check-in
Sourceet/open
Fileemerging-malware.rules
CreatedMay 5, 2014
UpdatedApril 14, 2024
Classificationtrojan-activity
alert http1 $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MALWARE CryptoWall Check-in"; flow:established,to_server ; urilen:<134; http.uri; pcre:"/[\/=][a-z0-9]{8,}$/" ; http.user_agent; content:"|20|MSIE|20|"; fast_pattern; http.request_body; content:"="; offset:1; depth:1; pcre:"/^[a-z]=[a-f0-9]{80,}$/" ; http.accept; content:"*/*"; startswith; endswith; http.content_type; content:"application/x-www-form-urlencoded"; startswith; endswith; http.header_names; content:"|0d 0a|Accept|0d 0a|Content-Type|0d 0a|"; startswith; content:!"Accept-"; nocase; content:!"Referer"; reference:md5,3c53c9f7ab32a09de89bb44e5f91f9af ; classtype:trojan-activity; sid:2018452; rev:20; metadata:created_at 2014_05_05, deprecation_reason Performance, performance_impact Significant, signature_severity Major, updated_at 2024_04_14;)
References
| md5 | 3c53c9f7ab32a09de89bb44e5f91f9af |
Metadata
created at2014_05_05
deprecation reasonPerformance
performance impactSignificant
signature severityMajor
updated at2024_04_14
Comments (0)
Please sign in to leave a comment.
Sign inNo comments yet. Be the first to comment!