##################################################### # MalSilo Suricata URL rules set # ##################################################### # # # Dataset generated @ 2022-12-01 11:30:04 (UTC) # # # # Use these rules at your own risk, for any # # re-publishing or integration into other # # datasets please contact malsilo [at] tuta .io # # # ##################################################### # # alert http any any -> $EXTERNAL_NET any (msg:"MalSilo MALWARE (tasker) Detected"; flow:established,to_server; content:"clipper.guru"; http_host; depth:12; fast_pattern; content:"/bot/online"; nocase; depth:11; http_uri; reference: url,malsilo.gitlab.io/feeds/dumps/master-feed.json; classtype:trojan-activity; sid:5000012; rev:1; metadata: tag peexe32,tag pegui,tag assembly, created_at 2022_12_01, malware_family tasker, updated_at 2022_12_01;) alert http any any -> $EXTERNAL_NET any (msg:"MalSilo MALWARE (tasker) Detected"; flow:established,to_server; content:"clipper.guru"; http_host; depth:12; fast_pattern; content:"/bot/regex"; nocase; depth:10; http_uri; reference: url,malsilo.gitlab.io/feeds/dumps/master-feed.json; classtype:trojan-activity; sid:5000013; rev:1; metadata: tag peexe32,tag pegui,tag assembly, created_at 2022_12_01, malware_family tasker, updated_at 2022_12_01;)