Rule History

SID: 2019767 • Source: et/open

Versions (3)

Version DetailsCurrent

Rev: 5 • Nov 21, 2014, 12:00 PM

Message:

ET MALWARE Rogue.Win32/FakePAV Checkin

Rule:

alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MALWARE Rogue.Win32/FakePAV Checkin"; flow:established,to_server; http.method; content:"GET"; http.uri; content:"/?0="; depth:4; fast_pattern; content:"=i"; pcre:"/^\/\?0=(?:[^&]+?&\d+?=)+?[^=&]+?$/i"; http.header_names; content:!"Referer|0d 0a|"; reference:md5,6829306e92cfa811b12d9b028eb56a2d; classtype:command-and-control; sid:2019767; rev:5; metadata:created_at 2014_11_21, signature_severity Major, updated_at 2020_05_13;)

Created:

Nov 21, 2014, 12:00 PM

Updated:

May 13, 2020, 12:00 PM

DB Created:

Nov 21, 2014, 12:00 PM

DB Updated:

Sep 10, 2024, 1:01 PM

Filename:

rules/emerging-malware.rules