Rule History

SID: 2018355 • Source: et/open

Versions (4)

Version Details (Current)

Rev: 5 • Apr 4, 2014, 12:00 PM

ET CURRENT_EVENTS Win32.RBrute http server request

alert http any any -> any 80 (msg:"ET CURRENT_EVENTS Win32.RBrute http server request"; flow:to_server,established; flowbits:set,ET.Rbrute.incoming; http.user_agent; content:"BlackBerry9000/5.0.0.93 Profile/MIDP-2.0 Configuration/CLDC-2.1 VendorID/831"; fast_pattern; nocase; reference:md5,f8ff430aee52da3b4b1759700be9aead; reference:url,www.welivesecurity.com/2014/04/02/win32sality-newest-component-a-routers-primary-dns-changer-named-win32rbrute/; classtype:trojan-activity; sid:2018355; rev:5; metadata:created_at 2014_04_04, signature_severity Minor, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2020_09_23;)

Apr 4, 2014, 12:00 PM

Sep 23, 2020, 12:00 PM

Sep 21, 2024, 3:00 AM

Oct 13, 2025, 9:34 PM

rules/emerging-current_events.rules