ET MALWARE Common Upatre Header Structure 3
Sourceet/open
Fileemerging-malware.rules
CreatedJanuary 23, 2015
UpdatedApril 14, 2024
Classificationtrojan-activity
alert http1 $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MALWARE Common Upatre Header Structure 3"; flow:established,to_server ; http.method; content:"GET"; http.header; content:!"Taitus"; pcre:"/^Accept\x3a\x20text\/\*,\x20application\/\*\r\nUser-Agent\x3a\x20[^\r\n]+\r\n(?:Pragma|Cache-Control)\x3a\x20no-cache\r\nConnection\x3a Keep-Alive\r\nHost\x3a[^\r\n]+?\r\n(?:\r\n)?$/" ; http.user_agent; content:!"Mozilla"; depth:7; http.accept; content:"text/*,|20|application/*" ; startswith; http.header_names; content:"|0d 0a|Accept|0d 0a|User-Agent|0d 0a|"; fast_pattern; content:"|0d 0a|Connection|0d 0a|Host|0d 0a 0d 0a|"; classtype:trojan-activity; sid:2020295; rev:10; metadata:created_at 2015_01_23, performance_impact Significant, signature_severity Major, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2024_04_14;)
Metadata
created at2015_01_23
performance impactSignificant
signature severityMajor
tagDescription_Generated_By_Proofpoint_Nexus
updated at2024_04_14
Comments (0)
Please sign in to leave a comment.
Sign inNo comments yet. Be the first to comment!