Versions (2)
Version DetailsCurrent
Rev: 1 • Mar 18, 2014, 12:00 PMET MALWARE MultiThreat/Winspy.RAT FTP File Download Command
alert tcp $EXTERNAL_NET any -> $HOME_NET 443 (msg:"ET MALWARE MultiThreat/Winspy.RAT FTP File Download Command"; flow:established,to_server; dsize:>0; content:"/CD |5C 5C 5C|"; depth:9; pcre:"/^(?:(?:PCACTIV|ONLIN)ETIME|WEBSITE[DS]|CHATROOM|KEYLOGS)/Ri"; reference:url,www.fireeye.com/blog/technical/2014/03/from-windows-to-droids-an-insight-in-to-multi-vector-attack-mechanisms-in-rats.html; classtype:trojan-activity; sid:2018294; rev:1; metadata:created_at 2014_03_18, signature_severity Major, updated_at 2019_07_26;)
Mar 18, 2014, 12:00 PM
Jul 26, 2019, 12:00 PM
Sep 21, 2024, 3:00 AM
May 30, 2025, 12:04 AM
rules/emerging-malware.rules