Versions (3)
Version Details (Current)
Rev: 3 • Nov 4, 2014, 12:00 PM
ET MALWARE DirectsX Checkin Response
alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"ET MALWARE DirectsX Checkin Response"; flow:established,from_server; stream_size:server,<,30; dsize:25; content:"|19 00 00 00|"; offset:17; depth:4; content:!"|00 00|"; within:2; content:!"|ff ff|"; within:2; content:!"_loc"; reference:url,public.gdatasoftware.com/Presse/Publikationen/Whitepaper/EN/GDATA_TooHash_CaseStudy_102014_EN_v1.pdf; classtype:command-and-control; sid:2019633; rev:3; metadata:created_at 2014_11_04, signature_severity Major, updated_at 2022_05_11;)
Nov 4, 2014, 12:00 PM
May 11, 2022, 12:00 PM
Nov 4, 2014, 12:00 PM
Sep 10, 2024, 1:01 PM
rules/emerging-malware.rules