Versions (3)
Version DetailsCurrent
Rev: 11 • May 13, 2014, 12:00 PMET MALWARE possible OneLouder header structure
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MALWARE possible OneLouder header structure"; flow:to_server,established; flowbits:set,ET.OneLouder.Header; flowbits:noalert; http.header; content:"Mozilla/4.0 (compatible|3b 20|MSIE 7.0|3b 20|Windows NT 6.0|3b|)|0d 0a|Host|3a|"; fast_pattern; http.header_names; content:!"Accept-Encoding|0d 0a|"; content:!"Referer|0d 0a|"; classtype:trojan-activity; sid:2018463; rev:11; metadata:created_at 2014_05_13, signature_severity Major, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2020_10_28;)
May 13, 2014, 12:00 PM
Oct 28, 2020, 12:00 PM
Sep 21, 2024, 3:00 AM
Sep 30, 2025, 9:36 PM
rules/emerging-malware.rules