Versions (3)
Version DetailsCurrent
Rev: 9 • Jul 30, 2010, 12:00 PMET MALWARE FAKE AV HTTP CnC Post
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MALWARE FAKE AV HTTP CnC Post"; flow:established,to_server; http.method; content:"POST"; nocase; http.user_agent; content:"Mozilla/3.0 (compatible|3b 20|TALWinInetHTTPClient)"; depth:46; http.request_body; content:"action="; nocase; content:"uid="; nocase; content:"cnt="; nocase; content:"lng="; nocase; content:"type="; nocase; content:"user_id="; nocase; content:"pc_id="; nocase; content:"abbr="; nocase; classtype:command-and-control; sid:2009455; rev:9; metadata:created_at 2010_07_30, signature_severity Major, updated_at 2020_10_14;)
Jul 30, 2010, 12:00 PM
Oct 14, 2020, 12:00 PM
Jul 30, 2010, 12:00 PM
Sep 10, 2024, 1:01 PM
rules/emerging-malware.rules