Versions (4)
Version DetailsCurrent
Rev: 1 • Oct 26, 2015, 12:00 PMET MALWARE Duuzer Checkin
alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MALWARE Duuzer Checkin"; flow:established,to_server; content:"|32 a3 56 bb 47 4f 32 00|"; depth:8; fast_pattern; content:"|30 b9 00 00|"; distance:3; within:4; reference:url,symantec.com/connect/blogs/duuzer-back-door-trojan-targets-south-korea-take-over-computers; reference:md5,cd7a72be9c16c2ece1140bc461d6226d; classtype:command-and-control; sid:2022000; rev:1; metadata:created_at 2015_10_26, confidence Medium, signature_severity Major, updated_at 2019_07_26;)
Oct 26, 2015, 12:00 PM
Jul 26, 2019, 12:00 PM
Sep 21, 2024, 3:00 AM
May 30, 2025, 12:04 AM
rules/emerging-malware.rules