Versions (2)
Version DetailsCurrent
Rev: 1 • Dec 22, 2025, 12:00 PMET MALWARE Executable Downloaded From Common Payload Delivery Host (GET)
alert http $HOME_NET any -> 62.60.226.0/24 any (msg:"ET MALWARE Executable Downloaded From Common Payload Delivery Host (GET)"; flow:established,to_server; http.method; content:"GET"; http.uri; pcre:"/\x2e(?:dll|exe)$/"; http.header_names; content:!"|0d 0a|referer|0d 0a|"; nocase; http.host; bsize:<16; content:"62.60.226."; startswith; fast_pattern; classtype:trojan-activity; sid:2066440; rev:1; metadata:affected_product Windows_XP_Vista_7_8_10_Server_32_64_Bit, attack_target Client_Endpoint, tls_state TLSDecrypt, created_at 2025_12_22, deployment Perimeter, deployment SSLDecrypt, confidence High, signature_severity Major, updated_at 2025_12_22, mitre_tactic_id TA0011, mitre_tactic_name Command_And_Control, mitre_technique_id T1105, mitre_technique_name Ingress_Tool_Transfer; target:src_ip;)
Dec 22, 2025, 12:00 PM
Dec 22, 2025, 12:00 PM
Dec 22, 2025, 10:34 PM
Apr 21, 2026, 9:34 PM
rules/emerging-malware.rules