Rule History

SID: 5000012 • Source: malsilo/win-malware

Versions (2)

Rev: 1

Jun 12, 2025, 7:35 PM

Current

Rev: 1

May 29, 2025, 11:31 PM

Archived

Version Details

Rev: 1 • Jan 27, 2022, 12:00 PM

Message:

MalSilo MALWARE (tasker) Detected

Rule:

alert http any any -> $EXTERNAL_NET any (msg:"MalSilo MALWARE (tasker) Detected"; flow:established,to_server; content:"clipper.guru"; http_host; depth:12; fast_pattern; content:"/bot/online"; nocase; depth:11; http_uri; reference:url,malsilo.gitlab.io/feeds/dumps/master-feed.json; classtype:trojan-activity; sid:5000012; rev:1; metadata:tag peexe32, tag pegui, tag assembly, created_at 2022_12_01, malware_family tasker, updated_at 2022_12_01;)

Created:

Jan 27, 2022, 12:00 PM

Updated:

Dec 1, 2022, 12:00 PM

DB Created:

Jan 27, 2022, 12:00 PM

DB Updated:

May 29, 2025, 11:31 PM

Archived:

Jun 12, 2025, 6:34 PM

Filename:

malsilo-url.rules