ET MALWARE Shady Rat/HTran style HTTP Header Pattern Request UHCa and Google MSIE UA

SID: 2016429Rev: 51 views
History
Sourceet/open
CreatedAugust 5, 2011
UpdatedMarch 17, 2022
Classificationtrojan-activity
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MALWARE Shady Rat/HTran style HTTP Header Pattern Request UHCa and Google MSIE UA"; flow:established,to_server; content:" HTTP/1.1|0d 0a|User-Agent|3a| Mozilla/4.0 (compatible|3b| MSIE 6.0|3b| Win32|3b|Google|3b|)|0d 0a|Host|3a| "; fast_pattern; content:"|0d 0a|Cache-Control|3a| no-cache|0d 0a 0d 0a|"; within:70; reference:url,www.secureworks.com/research/threats/htran/; classtype:trojan-activity; sid:2016429; rev:5; metadata:created_at 2011_08_05, signature_severity Major, updated_at 2022_03_17;)

References

urlwww.secureworks.com/research/threats/htran/

Metadata

created at2011_08_05
signature severityMajor
updated at2022_03_17

Comments (0)

Please sign in to leave a comment.
Sign in

No comments yet. Be the first to comment!