Rule History

SID: 2018325 • Source: et/open

Versions (3)

Version DetailsCurrent

Rev: 3 • Mar 26, 2014, 12:00 PM

Message:

ET MALWARE Bozok.RAT checkin

Rule:

alert tcp $HOME_NET any -> $EXTERNAL_NET 80 (msg:"ET MALWARE Bozok.RAT checkin"; flow:to_server; content:"|00 00 00|"; offset:1; depth:4; content:"|00 7C 00|"; within:32; content:"|00 7C 00|"; within:32; content:"|00 7C 00|"; within:64; content:"|00 7C 00|"; within:12; content:"|00 7C 00|"; within:5; content:"|00 7C 00|0|00 7c 00|2|00|"; within:32; reference:md5,a45d3564d1fa27161b33712f035a5962; reference:url,www.fireeye.com/blog/technical/2013/10/know-your-enemy-tracking-a-rapidly-evolving-apt-actor.html; classtype:command-and-control; sid:2018325; rev:3; metadata:created_at 2014_03_26, signature_severity Major, updated_at 2019_07_26;)

Created:

Mar 26, 2014, 12:00 PM

Updated:

Jul 26, 2019, 12:00 PM

DB Created:

Mar 26, 2014, 12:00 PM

DB Updated:

Sep 10, 2024, 1:01 PM

Filename:

rules/emerging-malware.rules