Versions (2)
Version DetailsCurrent
Rev: 7 • Aug 28, 2013, 12:00 PMET MALWARE Worm.VBS Dunihi/Houdini/H-Worm/WSHRAT Checkin 1
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MALWARE Worm.VBS Dunihi/Houdini/H-Worm/WSHRAT Checkin 1"; flow:established,to_server; urilen:9; http.method; content:"POST"; http.uri; content:"/is-ready"; fast_pattern; nocase; reference:md5,d2e799904582f03281060689f5447585; reference:url,www.menlosecurity.com/hubfs/pdfs/Menlo_Houdini_Report%20WEB_R.pdf; classtype:command-and-control; sid:2017516; rev:7; metadata:affected_product Windows_XP_Vista_7_8_10_Server_32_64_Bit, attack_target Client_and_Server, created_at 2013_08_28, deployment Perimeter, malware_family Houdini, malware_family H_worm, performance_impact Low, signature_severity Major, updated_at 2020_10_12;)
Aug 28, 2013, 12:00 PM
Oct 12, 2020, 12:00 PM
Aug 28, 2013, 12:00 PM
May 31, 2024, 9:00 PM
rules/emerging-malware.rules