Versions (4)
Version Details (Current)
Rev: 3 • Feb 19, 2014, 12:00 PM
ET MALWARE Win32.Hack.PcClient.g CnC (OUTBOUND) XOR b5
alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MALWARE Win32.Hack.PcClient.g CnC (OUTBOUND) XOR b5"; flow:to_server,established; content:"|d0 cd d0 db d4 d8 d0|"; content:"|d9 da d2 dc db|"; distance:0; content:"|d1 da d6 d8 d1|"; distance:0; content:"|dd da c6 c1 db d4 d8 d0|"; fast_pattern; distance:0; content:"|c2 dc db d1 da c2 c6|"; distance:0; reference:md5,dfd6b93dac698dccd9ef565a172123f3; classtype:command-and-control; sid:2018154; rev:3; metadata:created_at 2014_02_19, confidence Medium, signature_severity Major, updated_at 2019_07_26;)
Feb 19, 2014, 12:00 PM
Jul 26, 2019, 12:00 PM
Sep 21, 2024, 3:00 AM
May 30, 2025, 12:04 AM
rules/emerging-malware.rules