ET MALWARE Win32/Htbot.B Checkin
Sourceet/open
CreatedJanuary 5, 2015
UpdatedOctober 5, 2020
Classificationcommand-and-control
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MALWARE Win32/Htbot.B Checkin"; flow:to_server,established; http.uri; content:".php?command="; fast_pattern; pcre:"/\.php\?command=(?:g(?:hl|et(?:ip|id|backconnect))|update2?|dl|log)(?:$|&)/"; http.user_agent; content:"pb"; bsize:2; reference:md5,bdd2328d466e563a650bb7ccdb9aca79; reference:md5,ba1404af71ecf3ca8b0e30a2b365f6fd; reference:url,www.microsoft.com/security/portal/threat/encyclopedia/Entry.aspx?Name=Backdoor%3AWin32%2FHtbot.B; classtype:command-and-control; sid:2020089; rev:6; metadata:created_at 2015_01_05, malware_family Win32_Htbot_B, signature_severity Major, updated_at 2020_10_05;)
References
| md5 | bdd2328d466e563a650bb7ccdb9aca79 |
| md5 | ba1404af71ecf3ca8b0e30a2b365f6fd |
| url | www.microsoft.com/security/portal/threat/encyclopedia/Entry.aspx?Name=Backdoor%3AWin32%2FHtbot.B |
Metadata
created at2015_01_05
malware familyWin32_Htbot_B
signature severityMajor
updated at2020_10_05
Comments (0)
Please sign in to leave a comment.
Sign inNo comments yet. Be the first to comment!