Rule History

SID: 2020470 • Source: et/open

Versions (3)

Version DetailsCurrent

Rev: 10 • Feb 18, 2015, 12:00 PM

Message:

ET MALWARE Dridex POST Retrieving Second Stage

Rule:

alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MALWARE Dridex POST Retrieving Second Stage"; flow:established,to_server; http.host; pcre:"/^[^\r\n\x20]+\x20[a-z]/i"; http.request_body; pcre:"/^[\x20-\x7e\r\n]{0,20}[^\x20-\x7e\r\n]/"; http.request_line; content:"POST / HTTP/1.1"; fast_pattern; http.content_len; byte_test:0,>=,190,0,string,dec; reference:md5,6948d4f22e8d57369988be219ab70335; classtype:trojan-activity; sid:2020470; rev:10; metadata:created_at 2015_02_18, signature_severity Major, updated_at 2023_03_17;)

Created:

Feb 18, 2015, 12:00 PM

Updated:

Mar 17, 2023, 12:00 PM

DB Created:

Sep 21, 2024, 3:00 AM

DB Updated:

May 30, 2025, 12:04 AM

Filename:

rules/emerging-malware.rules