Versions (4)
Version Details (Current)
Rev: 5 • May 4, 2015, 12:00 PM
ET MALWARE Linux.Mumblehard Initial Checkin
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MALWARE Linux.Mumblehard Initial Checkin"; flow:to_server,established; urilen:1; http.method; content:"GET"; http.user_agent; content:"Mozilla/5.0 (Windows NT 6.1|3b 20|rv|3a|7.0.1) Gecko/20100101 Firefox/7.0.1"; fast_pattern; depth:67; http.host; pcre:"/^(?:\d{1,3}\.){3}\d{1,3}/"; http.connection; content:"close"; nocase; http.header_names; content:"|0d 0a|Host|0d 0a|User-Agent|0d 0a|Accept|0d 0a|Accept-Language|0d 0a|Accept-Encoding|0d 0a|Accept-Charset|0d 0a|Connection|0d 0a 0d 0a|"; depth:92; reference:url,www.welivesecurity.com/wp-content/uploads/2015/04/mumblehard.pdf; reference:md5,86f0b0b74fe8b95b163a1b31d76f7917; classtype:command-and-control; sid:2021051; rev:5; metadata:created_at 2015_05_04, signature_severity Major, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2020_10_28;)
May 4, 2015, 12:00 PM
Oct 28, 2020, 12:00 PM
May 4, 2015, 12:00 PM
Nov 3, 2025, 10:34 PM
rules/emerging-malware.rules