Versions (3)
Version DetailsCurrent
Rev: 1 • Apr 27, 2022, 12:00 PMET MALWARE TraderTraitor dafom CnC Checkin M2 (POST)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MALWARE TraderTraitor dafom CnC Checkin M2 (POST)"; flow:established,to_server; http.method; content:"POST"; http.uri; content:"/update/"; content:"os="; content:"email="; http.user_agent; content:"dafom"; nocase; fast_pattern; reference:url,gist.github.com/travisbgreen/01e1fdf239a9d302b14584bc82f68a2a; reference:url,www.cisa.gov/uscert/ncas/alerts/aa22-108a; classtype:trojan-activity; sid:2036409; rev:1; metadata:attack_target Client_Endpoint, created_at 2022_04_27, deployment SSLDecrypt, performance_impact Low, confidence High, signature_severity Major, updated_at 2022_04_27;)
Apr 27, 2022, 12:00 PM
Apr 27, 2022, 12:00 PM
Sep 21, 2024, 3:00 AM
Sep 21, 2024, 3:00 AM
rules/emerging-malware.rules