Versions (3)
Version DetailsCurrent
Rev: 4 • Sep 19, 2011, 12:00 PMET MALWARE Win32.Riberow.A (mkdir)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MALWARE Win32.Riberow.A (mkdir)"; flow:to_server,established; http.method; content:"GET"; http.uri; content:"/mkdir.php?dir="; fast_pattern; http.header_names; content:"|0d 0a|Host|0d 0a|Pragma|0d 0a|Accept|0d 0a 0d 0a|"; depth:26; endswith; reference:md5,c55fe941b80b3e5e77be8728642d138e; classtype:trojan-activity; sid:2013669; rev:4; metadata:created_at 2011_09_19, signature_severity Major, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2020_10_28;)
Sep 19, 2011, 12:00 PM
Oct 28, 2020, 12:00 PM
Sep 19, 2011, 12:00 PM
Oct 13, 2025, 9:34 PM
rules/emerging-malware.rules