Versions (3)
Version DetailsCurrent
Rev: 16 • Jul 3, 2014, 12:00 PMET MALWARE Common Upatre Header Structure 2
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MALWARE Common Upatre Header Structure 2"; flow:established,to_server; http.method; content:"GET"; http.user_agent; content:!"Taitus"; content:!"Sling/"; content:!"Updexer/"; content:!"Lightworks"; http.host; content:!"sophosupd.com"; content:!"sophosupd.net"; http.accept; content:"text/*,|20|application/*"; endswith; fast_pattern; http.header_names; content:"|0d 0a|Accept|0d 0a|User-Agent|0d 0a|Host"; depth:26; classtype:trojan-activity; sid:2018635; rev:16; metadata:created_at 2014_07_03, deprecation_reason Relevance, signature_severity Major, updated_at 2024_03_07, reviewed_at 2024_03_07;)
Jul 3, 2014, 12:00 PM
Mar 7, 2024, 12:00 PM
Sep 21, 2024, 3:00 AM
May 30, 2025, 12:04 AM
rules/emerging-malware.rules