Versions (3)
Version DetailsCurrent
Rev: 3 • Jun 10, 2015, 12:00 PMET MALWARE Poweliks Clickfraud CnC M1
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MALWARE Poweliks Clickfraud CnC M1"; flow:to_server,established; http.method; content:"GET"; http.uri; content:"/query?version="; fast_pattern; content:"&sid="; distance:0; content:"&builddate="; distance:0; content:"&q="; distance:0; reference:url,www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/evolution-of-poweliks.pdf; reference:md5,e13234077f513208238203108df30ff4; classtype:command-and-control; sid:2021226; rev:3; metadata:created_at 2015_06_10, signature_severity Major, updated_at 2020_08_04;)
Jun 10, 2015, 12:00 PM
Aug 4, 2020, 12:00 PM
Jun 10, 2015, 12:00 PM
Sep 10, 2024, 1:01 PM
rules/emerging-malware.rules