Versions (2)
Version DetailsCurrent
Rev: 9 • Jul 30, 2010, 12:00 PMET MALWARE Haxdoor Reporting User Activity 2
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MALWARE Haxdoor Reporting User Activity 2"; flow:established,to_server; http.uri; content:"param="; content:"&socksport="; content:"&httpport="; fast_pattern; content:"&uptime"; content:"&uid="; content:"&ver="; reference:md5,e787c4437ff67061983cd08458f71c94; reference:md5,1777f0ffa890ebfcc7587957f2d08dca; reference:md5,d86b9eaf9682d60cb8b928dc6ac40954; reference:md5,0995ecb8bb78f510ae995a50be0c351a; reference:url,www.symantec.com/security_response/writeup.jsp?docid=2003-113016-1420-99&tabid=2; classtype:trojan-activity; sid:2002929; rev:9; metadata:created_at 2010_07_30, signature_severity Major, updated_at 2020_09_18;)
Jul 30, 2010, 12:00 PM
Sep 18, 2020, 12:00 PM
Jul 30, 2010, 12:00 PM
Sep 10, 2024, 1:01 PM
rules/emerging-malware.rules