Rule History

SID: 2012882 • Source: et/open

Versions (5)

Version Details (Current)

Rev: 4 • May 27, 2011, 12:00 PM

ET MALWARE Backdoor.Win32.Poison.AU checkin

alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MALWARE Backdoor.Win32.Poison.AU checkin"; flow:established,to_server; content:"|4D 53 47 20 35 20 4E 20 31 33 30 0D 0A 4D 49 4d 45 2d 56 65 72 73 69 6f 6e 3a 20 31 2e 30 0d 0a|"; depth:32; fast_pattern; content:"|f6 f6 f6 f6 f6 f6 f6 f6 f6 f6 f6 f6 f6 f6 f6 f6|"; reference:md5,4b8adc7612e984d12b77f197c59827a2; classtype:command-and-control; sid:2012882; rev:4; metadata:created_at 2011_05_27, confidence High, signature_severity Major, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2019_07_26;)

May 27, 2011, 12:00 PM

Jul 26, 2019, 12:00 PM

Sep 21, 2024, 3:00 AM

Oct 23, 2025, 9:34 PM

rules/emerging-malware.rules