Rule History

alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MALWARE Haxdoor Reporting User Activity"; flow:established,to_server; http.uri; content:".php?"; nocase; content:"lang="; nocase; content:"&socksport="; nocase; content:"&httpport="; nocase; content:"&ver="; nocase; reference:url,www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_HAXDOOR.DI; reference:md5,e787c4437ff67061983cd08458f71c94; reference:md5,d86b9eaf9682d60cb8b928dc6ac40954; reference:md5,1777f0ffa890ebfcc7587957f2d08dca; reference:url,www.symantec.com/security_response/writeup.jsp?docid=2003-113016-1420-99&tabid=2; classtype:trojan-activity; sid:2002790; rev:11; metadata:created_at 2010_07_30, signature_severity Major, updated_at 2020_09_04;)