Versions (4)
Version DetailsCurrent
Rev: 2 • Mar 11, 2022, 12:00 PMET MALWARE Successful Cobalt Strike Shellcode Download (x64) M2
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET MALWARE Successful Cobalt Strike Shellcode Download (x64) M2"; flow:established,to_client; http.stat_code; content:"200"; http.response_body; content:"|fc 48 83 e4 f0 e8 c0 00 00 00 41 51 41 50|"; startswith; fast_pattern; reference:md5,a133c9d87aa58e8cb1a6c0f413bf5dbd; reference:url,github.com/giMini/PowerMemory/blob/master/PowerProcess/Inject-ShellCodeInProcess.ps1; reference:url,cisa.gov/uscert/ncas/alerts/aa21-265a; classtype:trojan-activity; sid:2035443; rev:2; metadata:affected_product Windows_XP_Vista_7_8_10_Server_32_64_Bit, attack_target Client_Endpoint, created_at 2022_03_11, deployment Perimeter, malware_family Cobalt_Strike, confidence High, signature_severity Major, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2022_03_11, reviewed_at 2023_10_16;)
Mar 11, 2022, 12:00 PM
Mar 11, 2022, 12:00 PM
Sep 21, 2024, 3:00 AM
Sep 5, 2025, 9:34 PM
rules/emerging-malware.rules