ET MALWARE Win32/Zeprox.B Checkin
Sourceet/open
Fileemerging-malware.rules
CreatedJanuary 16, 2015
UpdatedApril 28, 2024
Classificationcommand-and-control
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MALWARE Win32/Zeprox.B Checkin"; flow:established,to_server ; http.method; content:"GET"; http.uri; content:".php?a=n|60|e|3e|"; fast_pattern; http.header_names; to_lowercase; content:!"|0d 0a|referer|0d 0a|"; content:"|0d 0a|proxy-connection|0d 0a|"; http.content_len; byte_test:0,=,0,0,string,dec ; reference:md5,bc27f28e5fe47b78202fd3108d39aac1 ; reference:md5,38c89cca7806fde08bba82b3cb533e5a ; reference:url,www.microsoft.com/security/portal/threat/encyclopedia/entry.aspx?Name=Backdoor%3AWin32/Zeprox.B ; classtype:command-and-control; sid:2020203; rev:10; metadata:created_at 2015_01_16, malware_family Win32_Zeprox_B, signature_severity Major, updated_at 2024_04_28;)
References
| md5 | bc27f28e5fe47b78202fd3108d39aac1 |
| md5 | 38c89cca7806fde08bba82b3cb533e5a |
| url | www.microsoft.com/security/portal/threat/encyclopedia/entry.aspx?Name=Backdoor%3AWin32/Zeprox.B |
Metadata
created at2015_01_16
malware familyWin32_Zeprox_B
signature severityMajor
updated at2024_04_28
Comments (0)
Please sign in to leave a comment.
Sign inNo comments yet. Be the first to comment!