Versions (4)
Version DetailsCurrent
Rev: 9 • Nov 15, 2014, 12:00 PMET MALWARE Windows executable base64 encoded in XML
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET MALWARE Windows executable base64 encoded in XML"; flow:established,from_server; file_data; content:"bin.base64"; nocase; content:"<file"; nocase; content:"<stream"; nocase; content:"<?xml"; nocase; content:"TVqQA"; fast_pattern; pcre:"/^[A-Za-z0-9\s/+]{100}/Rs"; classtype:trojan-activity; sid:2019716; rev:9; metadata:created_at 2014_11_15, confidence High, signature_severity Minor, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2019_07_26;)
Nov 15, 2014, 12:00 PM
Jul 26, 2019, 12:00 PM
Nov 15, 2014, 12:00 PM
Nov 4, 2025, 10:34 PM
rules/emerging-malware.rules