#####################################################
#         MalSilo Suricata URL rules set            #
#####################################################
#                                                   #
# Dataset generated @ 2022-12-01 11:30:04 (UTC)     #
#                                                   #
# Use these rules at your own risk, for any         #
# re-publishing or integration into other           #
# datasets please contact malsilo [at] tuta .io     #
#                                                   #
#####################################################
#
#

alert http any any -> $EXTERNAL_NET any (msg:"MalSilo MALWARE (tasker) Detected"; flow:established,to_server; content:"clipper.guru"; http_host; depth:12; fast_pattern; content:"/bot/online"; nocase; depth:11; http_uri; reference: url,malsilo.gitlab.io/feeds/dumps/master-feed.json; classtype:trojan-activity; sid:5000012; rev:1; metadata: tag peexe32,tag pegui,tag assembly, created_at 2022_12_01, malware_family tasker, updated_at 2022_12_01;)
alert http any any -> $EXTERNAL_NET any (msg:"MalSilo MALWARE (tasker) Detected"; flow:established,to_server; content:"clipper.guru"; http_host; depth:12; fast_pattern; content:"/bot/regex"; nocase; depth:10; http_uri; reference: url,malsilo.gitlab.io/feeds/dumps/master-feed.json; classtype:trojan-activity; sid:5000013; rev:1; metadata: tag peexe32,tag pegui,tag assembly, created_at 2022_12_01, malware_family tasker, updated_at 2022_12_01;)