Rule History

SID: 2020345 • Source: et/open

Versions (3)

Version DetailsCurrent

Rev: 5 • Feb 3, 2015, 12:00 PM

Message:

ET MALWARE ArcDoor Intial Checkin

Rule:

alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MALWARE ArcDoor Intial Checkin"; flow:established,to_server; urilen:1; http.method; content:"POST"; http.header; content:"Content-Length|3a 20|28|0d 0a|"; fast_pattern; http.request_body; pcre:"/^[a-z0-9]{11}=\d{16}$/"; http.header_names; content:!"Accept"; reference:md5,71bae4762a6d2c446584f1ae991a8fbe; classtype:command-and-control; sid:2020345; rev:5; metadata:created_at 2015_02_03, signature_severity Major, updated_at 2020_10_28;)

Created:

Feb 3, 2015, 12:00 PM

Updated:

Oct 28, 2020, 12:00 PM

DB Created:

Feb 3, 2015, 12:00 PM

DB Updated:

Sep 10, 2024, 1:01 PM

Filename:

rules/emerging-malware.rules