Versions (3)
Version DetailsCurrent
Rev: 4 • Dec 14, 2012, 12:00 PMET MALWARE Faked Russian Opera UA without Accept - probable downloader
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MALWARE Faked Russian Opera UA without Accept - probable downloader"; flow:established,to_server; flowbits:set,et.exploitkitlanding; http.header_names; content:!"Accept|0d 0a|"; http.user_agent; content:"Opera/9.80"; depth:10; content:"Edition Yx|3b| ru"; fast_pattern; distance:0; classtype:trojan-activity; sid:2016034; rev:4; metadata:created_at 2012_12_14, signature_severity Major, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2020_04_24;)
Dec 14, 2012, 12:00 PM
Apr 24, 2020, 12:00 PM
Dec 14, 2012, 12:00 PM
Nov 4, 2025, 10:34 PM
rules/emerging-malware.rules