Versions (4)
Version DetailsCurrent
Rev: 6 • May 13, 2014, 12:00 PMET MALWARE Possible Backdoor.Adwind Download 2
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET MALWARE Possible Backdoor.Adwind Download 2"; flow:established,from_server; flowbits:isset,ET.http.javaclient; file_data; content:"Adwin"; pcre:"/^[a-z0-9_-]*?\.class/Rsi"; reference:url,www.symantec.com/security_response/writeup.jsp?docid=2013-070113-1904-99&tabid=3; reference:url,www.crowdstrike.com/blog/adwind-rat-rebranding/index.html; classtype:trojan-activity; sid:2018465; rev:6; metadata:created_at 2014_05_13, confidence Medium, signature_severity Major, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2019_07_26;)
May 13, 2014, 12:00 PM
Jul 26, 2019, 12:00 PM
Sep 21, 2024, 3:00 AM
Oct 1, 2025, 9:34 PM
rules/emerging-malware.rules