Versions (3)
Version DetailsCurrent
Rev: 5 • Apr 14, 2015, 12:00 PMET MALWARE Win32/Ruckguv.A Requesting Payload
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MALWARE Win32/Ruckguv.A Requesting Payload"; flow:established,to_server; http.method; content:"GET"; http.uri; content:"/id.exe"; fast_pattern; http.user_agent; content:"MSIE"; http.header_names; content:!"Referer|0d 0a|"; reference:md5,227365242cc97fa611fdac295b732d82; reference:md5,b9eec5be1d2f5d0007bd94fdd8c7ea57; reference:url,kernelmode.info/forum/viewtopic.php?f=16&t=3801; classtype:trojan-activity; sid:2020910; rev:5; metadata:created_at 2015_04_14, malware_family Win32_Ruckguv_A, signature_severity Major, updated_at 2020_09_30;)
Apr 14, 2015, 12:00 PM
Sep 30, 2020, 12:00 PM
Apr 14, 2015, 12:00 PM
Sep 16, 2024, 11:00 PM
rules/emerging-malware.rules