Versions (3)
Version DetailsCurrent
Rev: 1 • Nov 21, 2023, 12:00 PMET MALWARE TA404 Comebacker Related Activity (POST)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MALWARE TA404 Comebacker Related Activity (POST)"; flow:established,to_server; http.method; content:"POST"; http.uri; content:"/upload.asp"; endswith; fast_pattern; http.header_names; content:"|0d 0a|Content-Type|0d 0a|Connection|0d 0a|"; startswith; content:!"Referer"; http.cookie; content:"ASPSESSIONID"; content:!"="; within:8; reference:md5,d8a8cc25bf5ef5b96ff7a64f663cbd29; classtype:trojan-activity; sid:2049276; rev:1; metadata:attack_target Client_Endpoint, created_at 2023_11_21, deployment Perimeter, performance_impact Moderate, confidence High, signature_severity Major, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2023_11_21; target:src_ip;)
Nov 21, 2023, 12:00 PM
Nov 21, 2023, 12:00 PM
Nov 21, 2023, 10:00 PM
Aug 18, 2025, 8:35 PM
rules/emerging-malware.rules