ET MALWARE EtumBot GET File Data Upload
Sourceet/open
Fileemerging-malware.rules
CreatedJune 9, 2014
UpdatedApril 13, 2024
Classificationtrojan-activity
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MALWARE EtumBot GET File Data Upload"; flow:established,to_server ; http.method; content:"GET"; http.uri; content:"/article/30441/Review.asp?id="; fast_pattern; startswith; pcre:"/^\x2farticle\x2f30441\x2fReview\x2easp\x3fid\x3d[A-Za-z0-9+_-]+\x26\x26data\x3d[A-Za-z0-9+_-]+$/i"; http.user_agent; content:"Mozilla/5.0 |28|compatible|3b 20|MSIE 8.0|3b 20|Windows NT 6.1|3b 20|Trident/5.0|29 |"; startswith; endswith; http.referer; content:"http|3a|//www.google.com/"; startswith; reference:url,www.arbornetworks.com/asert/2014/06/illuminating-the-etumbot-apt-backdoor/ ; reference:md5,ca838b98ca0f516858a8a523dcd1338d ; classtype:trojan-activity; sid:2018551; rev:7; metadata:created_at 2014_06_09, signature_severity Major, updated_at 2024_04_13;)
References
| url | www.arbornetworks.com/asert/2014/06/illuminating-the-etumbot-apt-backdoor/ |
| md5 | ca838b98ca0f516858a8a523dcd1338d |
Metadata
created at2014_06_09
signature severityMajor
updated at2024_04_13
Comments (0)
Please sign in to leave a comment.
Sign inNo comments yet. Be the first to comment!