ET MALWARE Dridex v2 POST Checkin
Sourceet/open
Fileemerging-malware.rules
CreatedDecember 1, 2014
UpdatedApril 7, 2024
Classificationcommand-and-control
alert http1 $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MALWARE Dridex v2 POST Checkin"; flow:established,to_server ; urilen:>20; http.method; content:"POST"; http.header_names; content:!"Referer|0d 0a|"; content:!"Accept-Encoding|0d 0a|"; content:"|0d 0a|Host|0d 0a|Connection|0d 0a|User-Agent|0d 0a|Content-Type|0d 0a|Accept|0d 0a|Accept-Language|0d 0a|Authorization|0d 0a|Content-Length|0d 0a 0d 0a|"; startswith; http.header; content:"Content-Type|3a 20|octet/binary|0d 0a|Accept|3a 20|*/*|0d 0a|"; fast_pattern; content:"Authorization|3a 20|Basic"; http.host; pcre:"/^\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}(?:\x3a\d{1,5})?$/" ; reference:url,securityblog.s21sec.com/2014/11/dridex-learns-new-trick-p2p-over-http.html ; classtype:command-and-control; sid:2019830; rev:4; metadata:created_at 2014_12_01, signature_severity Major, updated_at 2024_04_07;)
Metadata
created at2014_12_01
signature severityMajor
updated at2024_04_07
Comments (0)
Please sign in to leave a comment.
Sign inNo comments yet. Be the first to comment!