Versions (5)
Version DetailsCurrent
Rev: 3 • Jun 13, 2015, 12:00 PMET MALWARE Win32/Chinad Checkin
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MALWARE Win32/Chinad Checkin"; flow:to_server,established; http.method; content:"GET"; http.uri; content:"/api/?a="; depth:8; fast_pattern; http.host; pcre:"/^(?:\d{1,3}\.){3}\d{1,3}$/"; reference:url,blog.malwarebytes.org/intelligence/2015/06/unusual-exploit-kit-targets-chinese-users-part-2; reference:md5,5a454c795eccf94bf6213fcc4ee65e6d; classtype:command-and-control; sid:2021262; rev:3; metadata:created_at 2015_06_13, malware_family Win32_Chinad, signature_severity Major, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2020_05_22;)
Jun 13, 2015, 12:00 PM
May 22, 2020, 12:00 PM
Jun 13, 2015, 12:00 PM
Nov 17, 2025, 10:34 PM
rules/emerging-malware.rules