Versions (3)
Version DetailsCurrent
Rev: 8 • Sep 12, 2014, 12:00 PMET MALWARE Tinba Checkin
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MALWARE Tinba Checkin"; flow:established,to_server; flowbits:set,ET.Tinba.Checkin; content:"|0d 0a 0d 0a|"; content:!"|00 00 00 00|"; within:4; content:!"|FF FF FF FF|"; within:4; byte_extract:4,0,Tinba.Pivot,relative; byte_test:4,=,Tinba.Pivot,16,relative; byte_test:4,!=,Tinba.Pivot,4,relative; http.method; content:"POST"; http.content_len; byte_test:0,>,99,0,string,dec; http.start; content:"/|20|HTTP/1.0|0d 0a|Host|3a 20|"; fast_pattern; http.header_names; content:"|0d 0a|Host|0d 0a|Content-Length|0d 0a 0d 0a|"; depth:26; endswith; reference:md5,1e644fe146f62bd2fc585b8df6712ff6; classtype:command-and-control; sid:2019168; rev:8; metadata:created_at 2014_09_12, performance_impact Moderate, signature_severity Major, updated_at 2024_04_08;)
Sep 12, 2014, 12:00 PM
Apr 8, 2024, 12:00 PM
Sep 12, 2014, 12:00 PM
Sep 10, 2024, 1:01 PM
rules/emerging-malware.rules