Versions (3)
Version DetailsCurrent
Rev: 6 • Jul 24, 2014, 12:00 PMET MALWARE Dridex/Bugat/Feodo GET Checkin
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MALWARE Dridex/Bugat/Feodo GET Checkin"; flow:established,to_server; urilen:>25; http.method; content:"GET"; http.header; content:"Content-Type|3a 20|octet/binary|0d 0a|Accept|3a 20|*/*|0d 0a|"; fast_pattern; http.host; pcre:"/^\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}(?:\x3a\d{1,5})$/"; http.header_names; content:"|0d 0a|Host|0d 0a|Connection|0d 0a|User-Agent|0d 0a|Content-Type|0d 0a|Accept|0d 0a|Accept-Language|0d 0a 0d 0a|"; bsize:73; http.content_type; content:"octet/binary"; bsize:13; reference:md5,2ddb6cb347eb7939545a1801c72f1f3f; classtype:command-and-control; sid:2018772; rev:6; metadata:created_at 2014_07_24, signature_severity Major, updated_at 2020_05_12;)
Jul 24, 2014, 12:00 PM
May 12, 2020, 12:00 PM
Jul 24, 2014, 12:00 PM
Sep 10, 2024, 1:01 PM
rules/emerging-malware.rules