Versions (3)
Version DetailsCurrent
Rev: 3 • Apr 16, 2012, 12:00 PMET MALWARE OS X Backdoor Checkin
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MALWARE OS X Backdoor Checkin"; flow:established,to_server; http.header; content:"Accept-Encoding|3a 20|base64,gzip"; fast_pattern; content:"|20|Mac|20|OS|20|X|3a|"; reference:url,www.securelist.com/en/blog/208193467/SabPub_Mac_OS_X_Backdoor_Java_Exploits_Targeted_Attacks_and_Possible_APT_link; classtype:command-and-control; sid:2014564; rev:3; metadata:created_at 2012_04_16, signature_severity Major, updated_at 2020_04_21;)
Apr 16, 2012, 12:00 PM
Apr 21, 2020, 12:00 PM
Apr 16, 2012, 12:00 PM
Sep 10, 2024, 1:01 PM
rules/emerging-malware.rules