Rule History

alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"ET MALWARE Dyreza RAT Checkin Response"; flow:established,to_client; content:"|a5 46 da 53 0a 00 68 00 65 00 6c 00 6c 00 6f|"; offset:4; depth:15; reference:md5,b61145a54698753cecf8748359c9d81e; reference:url,phishme.com/project-dyre-new-rat-slurps-bank-credentials-bypasses-ssl/; classtype:command-and-control; sid:2018596; rev:3; metadata:created_at 2014_06_12, confidence High, signature_severity Major, updated_at 2019_07_26;)