Rule History

SID: 2014399 • Source: et/open

Versions (3)

Version Details (Current)

Rev: 4 • Mar 15, 2012, 12:00 PM

ET MALWARE Trojan-Spy.Win32.Zbot.djrm Checkin

alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MALWARE Trojan-Spy.Win32.Zbot.djrm Checkin"; flow:established,to_server; http.uri; content:"/index.html?mac="; content:"&ver="; content:"&os="; content:"&dtime="; fast_pattern; http.user_agent; bsize:5; content:"baidu"; reference:md5,b895249cce7d2c27cb9c480feb36560c; reference:md5,f70a5f52d4c0071963602c25b62865cb; classtype:command-and-control; sid:2014399; rev:4; metadata:created_at 2012_03_15, signature_severity Major, updated_at 2024_02_14;)

Mar 15, 2012, 12:00 PM

Feb 14, 2024, 12:00 PM

Sep 21, 2024, 3:00 AM

May 30, 2025, 12:04 AM

rules/emerging-malware.rules