Versions (4)
Version DetailsCurrent
Rev: 11 • Jun 15, 2015, 12:00 PMET MALWARE Gatak CnC
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MALWARE Gatak CnC"; flow:established,to_server; http.uri; content:"/report"; depth:7; fast_pattern; pcre:"/^\/report[0-9]?_(?:v[0-9])?[A-Z]?[A-F0-9_-]+_[0-9]{1,3}_(?:st(?:arted|ep)|already|mark|p(?:rocess|a(?:ge|yload))|watch2|http|image|gdiplus|crc|DIRRR|finished|(?:ex(cept|ecuted)))/i"; http.user_agent; content:"Mozilla/4.0 (compatible|3b 20|MSIE 8.0|3b 20|Windows NT 5.1|3b 20|Trident/4.0)"; http.header_names; content:!"Accept"; content:!"Referer"; reference:md5,636a911cc059415963da7009277bae17; reference:url,www.secureworks.com/cyber-threat-intelligence/threats/stegoloader-a-stealthy-information-stealer/; classtype:command-and-control; sid:2021268; rev:11; metadata:created_at 2015_06_15, signature_severity Major, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2020_08_18;)
Jun 15, 2015, 12:00 PM
Aug 18, 2020, 12:00 PM
Jun 15, 2015, 12:00 PM
Dec 15, 2025, 10:34 PM
rules/emerging-malware.rules