Versions (3)
Version Details (Current)
Rev: 6 • Apr 26, 2013, 12:00 PM
ET MALWARE W32/Zbot.Variant CnC Response
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET MALWARE W32/Zbot.Variant CnC Response"; flow:established,from_server; flowbits:isset,ET.zbot.ua.2106509; http.stat_code; content:"200"; http.header; content:"Content-Length|3a| 0|0d 0a|Content-Type|3a| text/html|0d 0a|"; fast_pattern; http.header_names; content:"Content-Type|0d 0a 0d 0a|"; endswith; reference:md5,0c4d7d9138de7d7919e3b3c33ac2f851; classtype:command-and-control; sid:2018764; rev:6; metadata:created_at 2013_04_26, performance_impact Moderate, signature_severity Major, updated_at 2024_04_08;)
Apr 26, 2013, 12:00 PM
Apr 8, 2024, 12:00 PM
Apr 26, 2013, 12:00 PM
Sep 10, 2024, 1:01 PM
rules/emerging-malware.rules