Versions (4)
Version DetailsCurrent
Rev: 2 • Feb 17, 2015, 12:00 PMET MALWARE Carbanak APT CnC Beacon 1
alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MALWARE Carbanak APT CnC Beacon 1"; flow:established,to_server; dsize:24; content:"|08|"; depth:1; byte_extract:1,1,Carbanak.Pivot,relative; byte_test:1,!=,Carbanak.Pivot,0,relative; byte_test:1,=,Carbanak.Pivot,3,relative; content:"|00 00 00 02 00 00 00 00 00 00 00 00 00|"; distance:4; within:13; fast_pattern; content:!"|00 00 00|"; within:3; reference:md5,6ae1bb06d10f253116925371c8e3e74b; reference:url,securelist.com/files/2015/02/Carbanak_APT_eng.pdf; classtype:targeted-activity; sid:2020455; rev:2; metadata:attack_target Client_Endpoint, created_at 2015_02_17, deployment Perimeter, confidence High, signature_severity Major, tag c2, updated_at 2019_07_26, mitre_tactic_id TA0010, mitre_tactic_name Exfiltration, mitre_technique_id T1041, mitre_technique_name Exfiltration_Over_C2_Channel;)
Feb 17, 2015, 12:00 PM
Jul 26, 2019, 12:00 PM
Sep 21, 2024, 3:00 AM
May 30, 2025, 12:04 AM
rules/emerging-malware.rules