Rule History

SID: 2057722 • Source: et/open

Versions (2)

Version DetailsCurrent

Rev: 1 • Nov 19, 2024, 12:00 PM

Message:

ET MALWARE Strela Stealer CnC Activity

Rule:

alert http $HOME_NET any -> $EXTERNAL_NET 1024: (msg:"ET MALWARE Strela Stealer CnC Activity"; flow:established,to_server; urilen:7; http.uri; content:"/up.php"; fast_pattern; http.host; pcre:"/^(?:[0-9]{1,3}\.){3}[0-9]{1,3}$/"; classtype:command-and-control; sid:2057722; rev:1; metadata:affected_product Windows_XP_Vista_7_8_10_Server_32_64_Bit, affected_product Windows_11, attack_target Client_Endpoint, tls_state plaintext, created_at 2024_11_19, deployment Perimeter, malware_family StrelaStealer, confidence Medium, signature_severity Major, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2024_11_19;)

Created:

Nov 19, 2024, 12:00 PM

Updated:

Nov 19, 2024, 12:00 PM

DB Created:

Dec 3, 2024, 4:00 PM

DB Updated:

Jul 8, 2025, 9:34 PM

Filename:

rules/emerging-malware.rules