Rule History

SID: 2018321 • Source: et/open

Versions (3)

Version Details • Current

Rev: 8 • Mar 26, 2014, 12:00 PM

ET MALWARE Saker UA

alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MALWARE Saker UA"; flow:established,to_server; http.user_agent; content:"Mozilla/"; depth:8; content:"|20|MSIE|20|"; distance:0; content:"|3b 20|Wis NT|20|"; distance:0; fast_pattern; content:"|3b 20|.NET CLR|20|"; distance:0; reference:url,www.fireeye.com/blog/technical/malware-research/2014/03/spear-phishing-the-news-cycle-apt-actors-leverage-interest-in-the-disappearance-of-malaysian-flight-mh-370.html; reference:md5,b362f833c9d6e5bed19aeec5a5b868ea; classtype:trojan-activity; sid:2018321; rev:8; metadata:created_at 2014_03_26, deprecation_reason Age, signature_severity Major, updated_at 2024_02_21, reviewed_at 2024_02_21;)

Mar 26, 2014, 12:00 PM

Feb 21, 2024, 12:00 PM

Sep 21, 2024, 3:00 AM

May 30, 2025, 12:04 AM

rules/emerging-malware.rules