Rule History

alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MALWARE Stabuniq Checkin"; flow:to_server,established; http.request_body; content:"id="; depth:3; content:"&varname="; content:"&comp="; content:"&ver="; content:"&xid="; reference:url,www.symantec.com/connect/blogs/trojanstabuniq-found-financial-institution-servers; reference:url,www.symantec.com/security_response/writeup.jsp?docid=2012-121809-2437-99&tabid=2; reference:url,contagiodump.blogspot.com/2012/12/dec-2012-trojanstabuniq-samples.html; classtype:command-and-control; sid:2016130; rev:4; metadata:created_at 2012_12_29, signature_severity Major, updated_at 2020_04_23;)