Versions (3)
Version DetailsCurrent
Rev: 4 • May 16, 2012, 12:00 PMET MALWARE Trojan.BAT.Qhost Response from Controller
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET MALWARE Trojan.BAT.Qhost Response from Controller"; flow:established,from_server; flowbits:isset,ETPRO.Trojan.BAT.Qhost; content:"Set-Cookie|3a| ci_session="; content:"session_id"; distance:0; content:"ip_address"; distance:0; content:"user_agent"; distance:0; content:"last_activity"; distance:0; content:"user_data"; distance:0; reference:md5,f6e1583aca310c4c0d55db1dae942b2b; classtype:trojan-activity; sid:2014759; rev:4; metadata:created_at 2012_05_16, signature_severity Major, updated_at 2019_07_26;)
May 16, 2012, 12:00 PM
Jul 26, 2019, 12:00 PM
Sep 21, 2024, 3:00 AM
May 30, 2025, 12:04 AM
rules/emerging-malware.rules