ET MALWARE Tinba Checkin
Sourceet/open
Fileemerging-malware.rules
CreatedSeptember 12, 2014
UpdatedApril 14, 2024
Classificationcommand-and-control
alert http1 $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MALWARE Tinba Checkin"; flow:established,to_server ; flowbits:set,ET.Tinba.Checkin ; http.method; content:"POST"; http.content_len; byte_test:0,>,99,0,string,dec ; http.start; content:"/|20|HTTP/1.0|0d 0a|Host|3a 20|"; fast_pattern; http.header_names; content:"|0d 0a|Host|0d 0a|Content-Length|0d 0a 0d 0a|"; startswith; endswith; http.request_body; content:!"|00 00 00 00|"; depth:4; content:!"|FF FF FF FF|"; depth:4; byte_extract:4,0,Tinba.Pivot,relative ; byte_test:4,=,Tinba.Pivot,16,relative ; byte_test:4,!=,Tinba.Pivot,4,relative ; reference:md5,1e644fe146f62bd2fc585b8df6712ff6 ; classtype:command-and-control; sid:2019168; rev:9; metadata:created_at 2014_09_12, performance_impact Moderate, signature_severity Major, updated_at 2024_04_14;)
References
| md5 | 1e644fe146f62bd2fc585b8df6712ff6 |
Metadata
created at2014_09_12
performance impactModerate
signature severityMajor
updated at2024_04_14
Comments (0)
Please sign in to leave a comment.
Sign inNo comments yet. Be the first to comment!