Rule History

SID: 2018115 • Source: et/open

Versions (3)

Version DetailsCurrent

Rev: 1 • Feb 12, 2014, 12:00 PM

Message:

ET MALWARE FTP File Upload - BlackPOS Naming Scheme

Rule:

alert tcp $HOME_NET any -> $EXTERNAL_NET 21 (msg:"ET MALWARE FTP File Upload - BlackPOS Naming Scheme"; flow:established,to_server; content:"STOR "; depth:5; content:".txt"; pcre:"/data_\d{4}_\d{1,2}_\d{1,2}_\d{1,2}_\d{1,2}\.txt/"; reference:url,www.cyphort.com/blog/cyphort-tracks-down-new-variants-of-target-malware/; classtype:trojan-activity; sid:2018115; rev:1; metadata:created_at 2014_02_12, signature_severity Major, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2019_07_26;)

Created:

Feb 12, 2014, 12:00 PM

Updated:

Jul 26, 2019, 12:00 PM

DB Created:

Sep 21, 2024, 3:00 AM

DB Updated:

Nov 3, 2025, 10:34 PM

Filename:

rules/emerging-malware.rules