Rule History

alert tcp $EXTERNAL_NET 443 -> $HOME_NET any (msg:"ET MALWARE [PTsecurity] Malicious SSL connection (Upatre Downloader CnC) 5"; flow:established,to_client; content:"|1503|"; depth:2; content:"|0020|"; distance:1; within:2; fast_pattern; stream_size:server,>,5000; stream_size:server,<,10069; stream_size:client,>,424; stream_size:client,<,905; flowbits:isset,FB346039_4; flowbits:unset,FB346039_4; classtype:command-and-control; sid:2024778; rev:1; metadata:affected_product Windows_XP_Vista_7_8_10_Server_32_64_Bit, attack_target Client_Endpoint, created_at 2017_09_27, deployment Perimeter, deprecation_reason False_Positive, malware_family Upatre, performance_impact Moderate, confidence High, signature_severity Major, updated_at 2019_07_26;)