Rule History

alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MALWARE Win32/Hikit Server Authentication Response"; flow:established; content:"ETag|3a 20|"; content:"75BCD15"; fast_pattern; pcre:"/^ETag\x3a\x20\x22\d+75BCD15\d+\x3a[a-f0-9]{1,6}/mi"; reference:url,www.novetta.com/files/9914/1446/8050/Hikit_Analysis-Final.pdf; classtype:trojan-activity; sid:2019621; rev:3; metadata:created_at 2014_10_31, malware_family Win32_Hikit, signature_severity Major, updated_at 2019_10_08;)