Versions (4)
Version DetailsCurrent
Rev: 4 • Nov 6, 2014, 12:00 PMET MALWARE Win32/Spy.Banker.ABCG Checkin
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MALWARE Win32/Spy.Banker.ABCG Checkin"; flow:established,to_server; http.method; content:"POST"; http.uri; content:".php"; http.header; content:!"Referer|3a|"; http.user_agent; content:"Mozilla/3.0 (compatible|3b| Indy Library)"; depth:38; http.request_body; content:"act="; depth:4; content:"&atom="; distance:0; fast_pattern; content:"&id="; distance:0; reference:md5,acad4be4c587b9db9f39268cc4c0c192; reference:md5,b07a6a590c729fcd47ebce37fdd6c90b; classtype:command-and-control; sid:2019653; rev:4; metadata:created_at 2014_11_06, malware_family Win32_Spy_Banker_ABCG, signature_severity Major, updated_at 2020_05_13;)
Nov 6, 2014, 12:00 PM
May 13, 2020, 12:00 PM
Nov 6, 2014, 12:00 PM
Sep 16, 2024, 11:00 PM
rules/emerging-malware.rules