Versions (4)
Version DetailsCurrent
Rev: 1 • Apr 27, 2022, 12:00 PMET MALWARE TraderTraitor dafom CnC Checkin M1 (POST)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MALWARE TraderTraitor dafom CnC Checkin M1 (POST)"; flow:established,to_server; http.method; content:"POST"; http.uri; content:"/oauth/checkupdate.php"; content:"os="; content:"email="; http.user_agent; content:"dafom"; nocase; fast_pattern; reference:url,gist.github.com/travisbgreen/01e1fdf239a9d302b14584bc82f68a2a; reference:url,www.cisa.gov/uscert/ncas/alerts/aa22-108a; classtype:trojan-activity; sid:2036408; rev:1; metadata:created_at 2022_04_27, confidence High, signature_severity Major, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2022_04_27;)
Apr 27, 2022, 12:00 PM
Apr 27, 2022, 12:00 PM
Sep 21, 2024, 3:00 AM
Sep 3, 2025, 8:34 PM
rules/emerging-malware.rules