ET MALWARE Win32/Htbot.B Checkin
Sourceet/open
Fileemerging-malware.rules
CreatedJanuary 5, 2015
UpdatedMarch 27, 2024
Classificationcommand-and-control
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MALWARE Win32/Htbot.B Checkin"; flow:established,to_server ; http.uri; content:".php?command="; fast_pattern; pcre:"/\.php\?command=(?:g(?:hl|et(?:ip|id|backconnect))|update2?|dl|log)(?:$|&)/" ; http.user_agent; bsize:2; content:"pb"; reference:md5,bdd2328d466e563a650bb7ccdb9aca79 ; reference:md5,ba1404af71ecf3ca8b0e30a2b365f6fd ; reference:url,www.microsoft.com/security/portal/threat/encyclopedia/Entry.aspx?Name=Backdoor%3AWin32%2FHtbot.B ; classtype:command-and-control; sid:2020089; rev:8; metadata:created_at 2015_01_05, malware_family Win32_Htbot_B, signature_severity Major, updated_at 2024_03_27;)
References
| md5 | bdd2328d466e563a650bb7ccdb9aca79 |
| md5 | ba1404af71ecf3ca8b0e30a2b365f6fd |
| url | www.microsoft.com/security/portal/threat/encyclopedia/Entry.aspx?Name=Backdoor%3AWin32%2FHtbot.B |
Metadata
created at2015_01_05
malware familyWin32_Htbot_B
signature severityMajor
updated at2024_03_27
Comments (0)
Please sign in to leave a comment.
Sign inNo comments yet. Be the first to comment!