ET MALWARE Win32/Gatak Activity
Sourceet/open
Fileemerging-malware.rules
CreatedJuly 29, 2014
UpdatedApril 7, 2024
Classificationtrojan-activity
alert http1 $HOME_NET any -> $EXTERNAL_NET 443 (msg:"ET MALWARE Win32/Gatak Activity"; flow:established,to_server ; http.method; content:"POST"; http.uri; pcre:"/\/(?:[a-z]{4,9}\/[a-z]{3,10}\?[a-z_]{2,9}=[0-9]{2,8}|[a-z]{10})&[a-z]{5,9}=[a-zA-Z0-9_*]{30,}$/" ; http.header_names; content:!"Accept"; content:!"Referer|0d 0a|"; http.header; content:"Mozilla/4.0 (compatible|3b| MSIE 8.0|3b| Windows NT 5.1|3b| Trident/4.0)|0d 0a|Host|3a|"; fast_pattern; reference:url,www.microsoft.com/security/portal/threat/encyclopedia/entry.aspx?Name=Trojan%3aWin32/Gatak ; reference:url,www.malwaresigs.com/2013/01/30/trojan-gatak-post-compromise/ ; classtype:trojan-activity; sid:2018799; rev:5; metadata:created_at 2014_07_29, malware_family Win32_Gatak, signature_severity Major, updated_at 2024_04_07;)
References
Metadata
created at2014_07_29
malware familyWin32_Gatak
signature severityMajor
updated at2024_04_07
Comments (0)
Please sign in to leave a comment.
Sign inNo comments yet. Be the first to comment!