Versions (4)
Version Details (Current)
Rev: 6 • May 17, 2013, 12:00 PM
ET MALWARE Book of Eli CnC Checkin
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MALWARE Book of Eli CnC Checkin"; flow:to_server,established; http.method; content:"POST"; nocase; http.header; content:"CharSet|3a 20|windows-1256|0d 0a|"; http.request_body; content:"id_serial="; depth:10; content:"&id_cpu="; content:"&go_and_fuck_this_life="; content:"&system__="; fast_pattern; content:"&hard_id="; http.header_names; content:!"User-Agent|0d 0a|"; reference:url,blog.eset.ie/2016/09/22/malware-in-libya-book-of-eli-african-targeted-attacks/; reference:md5,25e5744979b365dc58cce23d377b3835; reference:md5,d22857cebad4200c3b1e8ec17836b451; reference:url,www.virustotal.com/en/file/faa20341f7a7277114f5c61e5013b9871ab2b0356f383b6798013ce333a30ae5/analysis/; classtype:command-and-control; sid:2023254; rev:6; metadata:created_at 2013_05_17, signature_severity Major, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2020_10_09;)
May 17, 2013, 12:00 PM
Oct 9, 2020, 12:00 PM
May 17, 2013, 12:00 PM
Feb 9, 2026, 10:34 PM
rules/emerging-malware.rules