Versions (4)
Version DetailsCurrent
Rev: 4 • Mar 5, 2013, 12:00 PMET MALWARE W32/Asprox.FakeAV Affiliate Second Stage Download Location Request
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MALWARE W32/Asprox.FakeAV Affiliate Second Stage Download Location Request"; flow:established,to_server; flowbits:noalert; flowbits:set,ET.asproxfakeav; http.uri; content:"/api/urls/?ts="; content:"&affid="; pcre:"/\x26affid\x3D[0-9]{4,7}$/i"; reference:url,www.trendmicro.com/cloud-content/us/pdfs/security-intelligence/white-papers/wp-asprox-reborn.pdf; classtype:trojan-activity; sid:2016530; rev:4; metadata:created_at 2013_03_05, signature_severity Major, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2020_08_13;)
Mar 5, 2013, 12:00 PM
Aug 13, 2020, 12:00 PM
Mar 5, 2013, 12:00 PM
Oct 1, 2025, 9:34 PM
rules/emerging-malware.rules