Versions (3)
Version DetailsCurrent
Rev: 5 • Dec 18, 2014, 12:00 PMET MALWARE Mera Keylogger POSTing keystrokes
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MALWARE Mera Keylogger POSTing keystrokes"; flow:established,to_server; urilen:14; http.method; content:"POST"; http.uri; content:"/log/index.php"; fast_pattern; http.request_body; content:"text="; depth:5; http.header_names; content:!"User-Agent|0d 0a|"; content:!"Accept"; content:!"Referer|0d 0a|"; reference:url,techhelplist.com/index.php/spam-list/695-financial-statement-malware; classtype:trojan-activity; sid:2019965; rev:5; metadata:created_at 2014_12_18, signature_severity Major, updated_at 2020_10_12;)
Dec 18, 2014, 12:00 PM
Oct 12, 2020, 12:00 PM
Dec 18, 2014, 12:00 PM
Sep 10, 2024, 1:01 PM
rules/emerging-malware.rules