Rule History

SID: 2018512 • Source: et/open

Versions (3)

Version DetailsCurrent

Rev: 8 • Jun 2, 2014, 12:00 PM

Message:

ET ADWARE_PUP Adware.MultiInstaller

Rule:

alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET ADWARE_PUP Adware.MultiInstaller"; flow:established, to_server; http.method; content:"GET"; http.uri; content:"?s1="; fast_pattern; pcre:"/^\/(?:info|entrance|start|debug)\?s1=[a-f0-9]{100,}$/"; http.header_names; content:!"Referer"; reference:md5,26973eeddb4781225b7c23d2d9cce996; reference:md5,a74b1602a50b9c7d3262e3f80a6a2e68; classtype:pup-activity; sid:2018512; rev:8; metadata:created_at 2014_06_02, signature_severity Minor, updated_at 2020_08_31;)

Created:

Jun 2, 2014, 12:00 PM

Updated:

Aug 31, 2020, 12:00 PM

DB Created:

Jun 2, 2014, 12:00 PM

DB Updated:

Sep 10, 2024, 1:01 PM

Filename:

rules/emerging-adware_pup.rules