Versions (3)
Version DetailsCurrent
Rev: 7 • Feb 21, 2012, 12:00 PMET MALWARE Backdoor.Win32.RShot HTTP Checkin
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MALWARE Backdoor.Win32.RShot HTTP Checkin"; flow:established,to_server; http.method; content:"POST"; http.request_body; content:"|3b 20|name=|22|bot_id|22 0d 0a 0d 0a|"; fast_pattern; content:"|3b 20|name=|22|os_version|22 0d 0a 0d 0a|"; distance:0; reference:md5,c0aadd5594d340d8a4909d172017e5d0; classtype:command-and-control; sid:2014269; rev:7; metadata:created_at 2012_02_21, signature_severity Major, updated_at 2020_10_28;)
Feb 21, 2012, 12:00 PM
Oct 28, 2020, 12:00 PM
Feb 21, 2012, 12:00 PM
Sep 10, 2024, 1:01 PM
rules/emerging-malware.rules