Rule History

alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MALWARE Win64/Vabushky.A Malicious driver download"; flow:established,to_server; http.uri; content:".bmp.gz"; fast_pattern; pcre:"/\/[a-z]{2,3}\/(?:\d{3,4}x\d{3,4}|default)\.bmp\.gz$/i"; reference:url,welivesecurity.com/2013/08/27/the-powerloader-64-bit-update-based-on-leaked-exploits/; classtype:trojan-activity; sid:2017377; rev:4; metadata:created_at 2013_08_27, malware_family Win64_Vabushky_A, signature_severity Major, updated_at 2020_09_20;)