Versions (4)
Version DetailsCurrent
Rev: 7 • Jul 30, 2010, 12:00 PMET MALWARE General Win32 Backdoor Checkin POST
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MALWARE General Win32 Backdoor Checkin POST"; flow:established,to_server; flowbits:isset,ET.bd1; http.request_body; content:"Admin="; depth:6; content:"&UserName="; content:"&IsProxy="; classtype:command-and-control; sid:2009241; rev:7; metadata:created_at 2010_07_30, signature_severity Major, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2020_04_21;)
Jul 30, 2010, 12:00 PM
Apr 21, 2020, 12:00 PM
Jul 30, 2010, 12:00 PM
Oct 13, 2025, 9:34 PM
rules/emerging-malware.rules