Versions (4)
Version DetailsCurrent
Rev: 3 • Apr 4, 2013, 12:00 PMET MALWARE W32/BaneChant.APT Winword.pkg Redirect
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET MALWARE W32/BaneChant.APT Winword.pkg Redirect"; flow:established,to_client; http.stat_code; content:"301"; http.stat_msg; content:"Moved Permanently"; http.location; content:"/update/winword.pkg"; reference:url,www.fireeye.com/blog/technical/malware-research/2013/04/trojan-apt-banechant-in-memory-trojan-that-observes-for-multiple-mouse-clicks.html; classtype:targeted-activity; sid:2016713; rev:3; metadata:created_at 2013_04_04, signature_severity Major, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2020_04_23;)
Apr 4, 2013, 12:00 PM
Apr 23, 2020, 12:00 PM
Sep 21, 2024, 3:00 AM
Oct 24, 2025, 9:34 PM
rules/emerging-malware.rules