Versions (2)
Version DetailsCurrent
Rev: 4 • Nov 24, 2014, 12:00 PMET MALWARE CoinVault POST M1
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MALWARE CoinVault POST M1"; flow:established,to_server; urilen:1; http.method; content:"POST"; http.request_body; content:"hwid="; depth:5; content:"&func="; fast_pattern; pcre:"/^hwid=[A-F0-9]{4}(?:-[A-F0-9]{4}){7}&func=/"; http.header_names; content:!"User-Agent"; content:!"Accept"; content:!"Referer"; reference:url,securelist.com/blog/virus-watch/67699/a-nightmare-on-malware-street/; reference:md5,8e1bdc1c484bc03880c67424d80e351d; classtype:trojan-activity; sid:2019776; rev:4; metadata:created_at 2014_11_24, signature_severity Major, updated_at 2020_09_28;)
Nov 24, 2014, 12:00 PM
Sep 28, 2020, 12:00 PM
Sep 21, 2024, 3:00 AM
May 30, 2025, 12:04 AM
rules/emerging-malware.rules