Versions (3)
Version DetailsCurrent
Rev: 2 • Oct 1, 2020, 12:00 PMET MALWARE TA428 Infostealer CnC Host Checkin
alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MALWARE TA428 Infostealer CnC Host Checkin"; flow:established,to_server; content:"|54 0b 54|"; offset:16; depth:3; fast_pattern; content:"|54 0b 54|"; distance:0; content:"|54 0b 54|"; distance:0; content:"|54 0b 54|"; distance:0; content:"|54 0b 54|"; distance:0; content:"|54 0b 54|"; distance:0; content:"|54 0b 54|"; distance:0; content:"|08 00|"; distance:0; content:"|01|"; endswith; reference:md5,a5a4046989fa0f99c2076aec3ea0ab2a; reference:url,vblocalhost.com/uploads/VB2020-20.pdf; classtype:targeted-activity; sid:2030939; rev:2; metadata:attack_target Client_Endpoint, created_at 2020_10_01, deployment Perimeter, performance_impact Moderate, confidence High, signature_severity Major, updated_at 2020_10_01;)
Oct 1, 2020, 12:00 PM
Oct 1, 2020, 12:00 PM
Sep 21, 2024, 3:00 AM
Sep 21, 2024, 3:00 AM
rules/emerging-malware.rules