Versions (4)
Version DetailsCurrent
Rev: 8 • Jan 23, 2015, 12:00 PMET MALWARE Common Upatre Header Structure 3
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MALWARE Common Upatre Header Structure 3"; flow:to_server,established; http.method; content:"GET"; http.header; content:!"Taitus"; pcre:"/^Accept\x3a\x20text\/\*,\x20application\/\*\r\nUser-Agent\x3a\x20[^\r\n]+\r\n(?:Pragma|Cache-Control)\x3a\x20no-cache\r\nConnection\x3a Keep-Alive\r\nHost\x3a[^\r\n]+?\r\n(?:\r\n)?$/"; http.user_agent; content:!"Mozilla"; depth:7; http.accept; content:"text/*,|20|application/*"; depth:21; http.header_names; content:"|0d 0a|Accept|0d 0a|User-Agent|0d 0a|"; fast_pattern; content:"|0d 0a|Connection|0d 0a|Host|0d 0a 0d 0a|"; classtype:trojan-activity; sid:2020295; rev:8; metadata:created_at 2015_01_23, performance_impact Significant, signature_severity Major, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2024_04_08;)
Jan 23, 2015, 12:00 PM
Apr 8, 2024, 12:00 PM
Jan 23, 2015, 12:00 PM
Oct 1, 2025, 9:34 PM
rules/emerging-malware.rules