Versions (3)
Version DetailsCurrent
Rev: 5 • May 17, 2011, 12:00 PMET MALWARE Backdoor.Win32.VB.Alsci/Dragon Eye RAT Checkin (sending user info)
alert tcp $HOME_NET 1023: -> $EXTERNAL_NET 1024: (msg:"ET MALWARE Backdoor.Win32.VB.Alsci/Dragon Eye RAT Checkin (sending user info)"; flow:to_server,established; content:"Auth"; nocase; depth:4; content:" @ "; within:128; content:"|5C 23 2F|"; within:128; content:"|5C 23 2F|"; within:32; content:"|5C 23 2F|"; fast_pattern; within:20; reference:md5,37207835e128516fe17af3dacc83a00c; reference:md5,e7d9bc670d69ad8a6ad2784255324eec; classtype:command-and-control; sid:2016913; rev:5; metadata:created_at 2011_05_17, signature_severity Major, updated_at 2019_07_26;)
May 17, 2011, 12:00 PM
Jul 26, 2019, 12:00 PM
May 17, 2011, 12:00 PM
Sep 10, 2024, 1:01 PM
rules/emerging-malware.rules