Versions (2)
Version DetailsCurrent
Rev: 6 • Jan 26, 2013, 12:00 PMET MALWARE Mashigoom/Tranwos/RevProxy ClickFraud - hello
alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MALWARE Mashigoom/Tranwos/RevProxy ClickFraud - hello"; flow:established,to_server; threshold:type both,track by_src,seconds 60,count 1; dsize:<150; content:"hello/"; depth:6; content:"/"; within:3; distance:2; content:"/"; pcre:"/^hello\/[0-9]\.[0-9]\/[0-9]{3}/"; classtype:trojan-activity; sid:2016292; rev:6; metadata:created_at 2013_01_26, signature_severity Major, updated_at 2019_07_26;)
Jan 26, 2013, 12:00 PM
Jul 26, 2019, 12:00 PM
Jan 26, 2013, 12:00 PM
Sep 10, 2024, 1:01 PM
rules/emerging-malware.rules