Versions (4)
Version DetailsCurrent
Rev: 7 • Dec 12, 2012, 12:00 PMET MALWARE W32/KeyLogger.ACQH!tr Checkin
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MALWARE W32/KeyLogger.ACQH!tr Checkin"; flow:to_server,established; http.uri; content:".php?cn"; content:"&str="; fast_pattern; content:"&file="; pcre:"/\.php\?cn(ame)?=/"; http.user_agent; content:"WinInetGet/"; depth:11; reference:md5,eddce1a6c0cc0eb7b739cb758c516975; reference:md5,c0d9352ad82598362a426cd38a7ecf0e; reference:url,www.fortiguard.com/av/VID4225990; reference:url,enterprise.norman.com/resources/files/unveiling_an_indian_cyberattack_infrastructure_appendixes.pdf; classtype:command-and-control; sid:2016912; rev:7; metadata:created_at 2012_12_12, signature_severity Major, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2020_10_08;)
Dec 12, 2012, 12:00 PM
Oct 8, 2020, 12:00 PM
Dec 12, 2012, 12:00 PM
Oct 20, 2025, 3:34 PM
rules/emerging-malware.rules