Versions (5)
Version DetailsCurrent
Rev: 4 • Jun 21, 2019, 12:00 PMET MALWARE Win32/Plurox Backdoor CnC Checkin
alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MALWARE Win32/Plurox Backdoor CnC Checkin"; flow:established,to_server; content:"|aa 95 82 71|"; depth:4; content:"|01 00 00 00 00 00 00 00|"; distance:4; within:8; content:"|95 82 71 aa 95 82 71|"; endswith; fast_pattern; reference:md5,c5b42399a6636de5014e2934ef08278f; reference:url,securelist.com/plurox-modular-backdoor/91213/; classtype:command-and-control; sid:2027506; rev:4; metadata:created_at 2019_06_21, malware_family Win32_Plurox, confidence Medium, signature_severity Major, updated_at 2020_11_11;)
Jun 21, 2019, 12:00 PM
Nov 11, 2020, 12:00 PM
Sep 21, 2024, 3:00 AM
May 30, 2025, 12:04 AM
rules/emerging-malware.rules