Versions (4)
Version DetailsCurrent
Rev: 3 • Feb 28, 2011, 12:00 PMET MALWARE Tatanga Checkin
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MALWARE Tatanga Checkin"; flow:established,to_server; content:"GET"; nocase; http_method; content:".php?build="; http_uri; content:"&id="; http_uri; content:"&SA=1-0"; http_uri; content:"&SP=1-"; http_uri; reference:url,securityblog.s21sec.com/2011/02/tatanga-new-banking-trojan-with-mitb.html; reference:url,www.sophos.com/security/analyses/viruses-and-spyware/trojtatangac.html; reference:url,support.clean-mx.de/clean-mx/view_joebox.php?md5=4b5eb54de32f86819c638878ac2c7985&id=740958; reference:url,www.malware-control.com/statics-pages/06198e9b72e1bb0c256769c5754ed821.php; classtype:command-and-control; sid:2012391; rev:3; metadata:created_at 2011_02_28, signature_severity Major, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2019_07_26;)
Feb 28, 2011, 12:00 PM
Jul 26, 2019, 12:00 PM
Sep 21, 2024, 3:00 AM
Nov 6, 2025, 10:34 PM
rules/emerging-malware.rules