Rule History

alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MALWARE Win32.Blackbeard Downloader"; flow:established,to_server; http.uri; content:"/load"; content:"p="; content:"&t="; pcre:"/[\?&]p=\d&t=\d(&|$)/"; http.user_agent; content:"IE"; depth:2; endswith; fast_pattern; reference:md5,2f6f13eced7fce495168059530246d77; reference:url,blog.avast.com/2014/01/15/win3264blackbeard-pigeon-stealthiness-techniques-in-64-bit-windows-part-1/; classtype:trojan-activity; sid:2018110; rev:7; metadata:created_at 2014_01_23, signature_severity Major, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2020_10_14;)