Versions (3)
Version Details (Current)
Rev: 1 • Feb 13, 2024, 12:00 PM
ET MALWARE PikaBot Java Loader CnC Checkin
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MALWARE PikaBot Java Loader CnC Checkin"; flow:established,to_server; http.method; content:"GET"; http.uri; content:"/PE1BD/"; fast_pattern; startswith; pcre:"/^\d{6}$/R"; http.user_agent; content:"Java"; startswith; http.accept; content:"text|2f|html|2c 20|image|2f|gif|2c 20|image|2f|jpeg|2c 20 2a 3b 20|q|3d 2e|2|2c 20 2a 2f 2a 3b 20|q|3d 2e|2"; http.connection; content:"keep-alive"; reference:md5,b5daa41dcb91138f2066513aa12fb9f3; classtype:trojan-activity; sid:2050810; rev:1; metadata:attack_target Client_and_Server, created_at 2024_02_13, deployment Perimeter, malware_family PikaBot, performance_impact Low, confidence High, signature_severity Major, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2024_02_13; target:src_ip;)
Feb 13, 2024, 12:00 PM
Feb 13, 2024, 11:00 PM
Aug 14, 2025, 9:34 PM
rules/emerging-malware.rules