Rule History

alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MALWARE Backdoor.Win32.Agent.bjjv Checkin"; flow:established,to_server; http.uri; content:"/wakeup/access.php"; fast_pattern; http.user_agent; content:"UPHTTP"; depth:6; reference:md5,06ba10a49c8cea32a51f0bbe8f5073f1; reference:url,enterprise.norman.com/resources/files/unveiling_an_indian_cyberattack_infrastructure_appendixes.pdf; classtype:command-and-control; sid:2016864; rev:5; metadata:created_at 2013_05_21, signature_severity Major, updated_at 2020_09_18;)