Versions (2)
Version DetailsCurrent
Rev: 5 • Mar 26, 2015, 12:00 PMET MALWARE Win32.Chroject.B ClickFraud Request
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MALWARE Win32.Chroject.B ClickFraud Request"; flow:to_server,established; http.method; content:"GET"; http.uri; content:"/item/fmt?ct="; depth:13; fast_pattern; http.referer; pcre:"/^http\x3a\/\/\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}\/[a-z_-]+\/(?:[A-Za-z0-9+/]{4})*(?:[A-Za-z0-9+/]{2}==|[A-Za-z0-9+/]{3}=|[A-Za-z0-9+/]{4})\r?$/i"; reference:md5,586ad13656f4595723b481d77b6bfb09; classtype:trojan-activity; sid:2020750; rev:5; metadata:created_at 2015_03_26, signature_severity Major, updated_at 2020_05_19;)
Mar 26, 2015, 12:00 PM
May 19, 2020, 12:00 PM
Mar 26, 2015, 12:00 PM
Sep 10, 2024, 1:01 PM
rules/emerging-malware.rules