Versions (4)
Version DetailsCurrent
Rev: 3 • Sep 4, 2014, 12:00 PMET MALWARE HighTide trojan Checkin
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MALWARE HighTide trojan Checkin"; flow:to_server,established; http.method; content:"GET"; http.uri; content:"/?"; depth:2; pcre:"/^\/\?\d(?:[A-Za-z0-9~_]{4})*(?:[A-Za-z0-9~_]{2}--|[A-Za-z0-9~_]{3}-|[A-Za-z0-9~_]{4})$/"; http.header; content:"Trident/5.0|29 0d 0a|"; fast_pattern; http.referer; content:"http://www.google.com/"; bsize:22; reference:md5,6e59861931fa2796ee107dc27bfdd480; reference:url,fireeye.com/blog/technical/botnet-activities-research/2014/09/darwins-favorite-apt-group-2.html; classtype:command-and-control; sid:2019113; rev:3; metadata:created_at 2014_09_04, signature_severity Major, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2020_05_04;)
Sep 4, 2014, 12:00 PM
May 4, 2020, 12:00 PM
Sep 4, 2014, 12:00 PM
Oct 9, 2025, 9:35 PM
rules/emerging-malware.rules