Versions (5)
Version DetailsCurrent
Rev: 2 • Sep 26, 2022, 12:00 PMET RETIRED Win32/Spy.Delf.QTL Data Exfiltration Attempt
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET RETIRED Win32/Spy.Delf.QTL Data Exfiltration Attempt"; flow:established,to_server; http.method; content:"POST"; http.uri; content:"gate"; pcre:"/^[a-f0-9]{12}/R"; content:".php"; endswith; http.header_names; content:!"Referer"; content:!"User-Agent"; http.request_body; content:"text=%0D%0A%3C%2Ftextarea%3E"; fast_pattern; startswith; reference:md5,d7186f603cb439c86bf5f9ee767a62a0; classtype:trojan-activity; sid:2038999; rev:2; metadata:affected_product Windows_XP_Vista_7_8_10_Server_32_64_Bit, attack_target Client_and_Server, created_at 2022_09_26, deployment Perimeter, former_category MALWARE, malware_family Win32_Spy_Delf_QTL, performance_impact Low, confidence High, signature_severity Major, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2024_09_18, reviewed_at 2024_09_18;)
Sep 26, 2022, 12:00 PM
Sep 18, 2024, 12:00 PM
Sep 26, 2022, 11:00 PM
Aug 29, 2025, 8:34 PM
rules/emerging-retired.rules