Versions (3)
Version DetailsCurrent
Rev: 4 • Jul 8, 2014, 12:00 PMET MALWARE Downloader.Banload2.KZU Checkin 1
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MALWARE Downloader.Banload2.KZU Checkin 1"; flow:established,to_server; http.method; content:"POST"; http.header; content:"Accept-Encoding|3a 20|identity|0d 0a|User-Agent|3a 20|Mozilla/3.0 (compatible|3b 20|Indy Library)"; http.request_body; content:"OPC="; nocase; fast_pattern; pcre:"/^OPC=\d/i"; http.header_names; content:!"Referer"; reference:md5,b67e23e4a0248c71b71e73e37d52c906; classtype:command-and-control; sid:2018653; rev:4; metadata:created_at 2014_07_08, signature_severity Major, updated_at 2020_09_24;)
Jul 8, 2014, 12:00 PM
Sep 24, 2020, 12:00 PM
Jul 8, 2014, 12:00 PM
Sep 10, 2024, 1:01 PM
rules/emerging-malware.rules