Versions (3)
Version DetailsCurrent
Rev: 3 • Feb 26, 2018, 12:00 PMET MALWARE [PTsecurity] QRat.Java.RAT (state_alive)
alert tcp $HOME_NET any -> $EXTERNAL_NET !$HTTP_PORTS (msg:"ET MALWARE [PTsecurity] QRat.Java.RAT (state_alive)"; flow:established,to_server; content:"|00 11 7b 22 73 74 61 74 65 22 3a 22 61 6c 69 76 65 22 7d|"; depth:19; endswith; threshold:type both, track by_src, count 10, seconds 30; reference:md5,3ffbde179d54377d55fcac76ebf314cb; reference:url,labsblog.f-secure.com/2016/06/07/qarallax-rat-spying-on-us-visa-applicants/; reference:url,www.trustwave.com/Resources/SpiderLabs-Blog/Quaverse-RAT--Remote-Access-as-a-Service/; classtype:trojan-activity; sid:2025391; rev:3; metadata:affected_product Windows_XP_Vista_7_8_10_Server_32_64_Bit, attack_target Client_Endpoint, created_at 2018_02_26, deployment Perimeter, malware_family QRat, confidence High, signature_severity Major, tag Qrat, updated_at 2019_09_28;)
Feb 26, 2018, 12:00 PM
Sep 28, 2019, 12:00 PM
Sep 21, 2024, 3:00 AM
May 30, 2025, 12:04 AM
rules/emerging-malware.rules