Rule History

SID: 2018351 • Source: et/open

Versions (4)

Version DetailsCurrent

Rev: 2 • Apr 3, 2014, 12:00 PM

Message:

ET MALWARE Upatre SSL Compromised site kionic

Rule:

alert tcp $EXTERNAL_NET 443 -> $HOME_NET any (msg:"ET MALWARE Upatre SSL Compromised site kionic"; flow:established,to_client; content:"|55 04 03|"; content:"|0a|kionic.com"; distance:1; within:11; nocase; reference:url,blog.malwaremustdie.org/2014/04/upatre-downloading-gmo-is-back-to-ssl.html; classtype:trojan-activity; sid:2018351; rev:2; metadata:created_at 2014_04_03, signature_severity Major, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2019_07_26;)

Created:

Apr 3, 2014, 12:00 PM

Updated:

Jul 26, 2019, 12:00 PM

DB Created:

Sep 21, 2024, 3:00 AM

DB Updated:

Oct 10, 2025, 8:34 PM

Filename:

rules/emerging-malware.rules