Versions (3)
Version Details
Current
Rev: 3 • Jan 22, 2015, 12:00 PM
ET MALWARE Backdoor.TurlaCarbon.A C2 HTTP Request
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MALWARE Backdoor.TurlaCarbon.A C2 HTTP Request"; flow:to_server,established; http.method; content:"POST"; http.uri; content:"?uid="; content:"&context="; distance:0; content:"&mode=text&"; fast_pattern; distance:0; content:"data="; pcre:"/\?uid=\d+&context=\w+&mode=text&data=\w+$/"; reference:url,blog.gdatasoftware.com/blog/article/analysis-of-project-cobra.html; classtype:command-and-control; sid:2020241; rev:3; metadata:created_at 2015_01_22, signature_severity Major, updated_at 2020_05_14;)
Jan 22, 2015, 12:00 PM
May 14, 2020, 12:00 PM
Jan 22, 2015, 12:00 PM
Sep 10, 2024, 1:01 PM
rules/emerging-malware.rules