Versions (5)
Version Details (Current)
Rev: 2 • Oct 14, 2014, 12:00 PM
ET MALWARE Possible SandWorm INF Download (UNICODE)
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET MALWARE Possible SandWorm INF Download (UNICODE)"; flow:to_client,established; file_data; content:"S|00|o|00|f|00|t|00|w|00|a|00|r|00|e|00 5c 00|M|00|i|00|c|00|r|00|o|00|s|00|o|00|f|00|t|00 5c 00|W|00|i|00|n|00|d|00|o|00|w|00|s|00 5c 00|C|00|u|00|r|00|r|00|e|00|n|00|t|00|V|00|e|00|r|00|s|00|i|00|o|00|n|00 5c 00|R|00|u|00|n|00|"; nocase; content:"7|00|E|00|B|00|E|00|F|00|B|00|C|00|0|00 2d 00|3|00|2|00|0|00|0|00 2d 00|1|00|1|00|d|00|2|00 2d 00|B|00|4|00|C|00|2|00 2d 00|0|00|0|00|A|00|0|00|C|00|9|00|6|00|9|00|7|00|D|00|1|00|7"; nocase; content:"C|00|l|00|a|00|s|00|s|00|G|00|u|00|i|00|d|00|"; nocase; content:"D|00|e|00|f|00|a|00|u|00|l|00|t|00|I|00|n|00|s|00|t|00|a|00|l|00|l|00|"; nocase; classtype:attempted-user; sid:2019397; rev:2; metadata:created_at 2014_10_14, confidence Medium, signature_severity Major, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2019_07_26;)
Oct 14, 2014, 12:00 PM
Jul 26, 2019, 12:00 PM
Sep 21, 2024, 3:00 AM
Oct 17, 2025, 8:36 PM
rules/emerging-malware.rules