Versions (5)
Version DetailsCurrent
Rev: 1 • Jun 16, 2022, 12:00 PMET MALWARE Win32/MassLogger FTP Data Exfiltration
alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MALWARE Win32/MassLogger FTP Data Exfiltration"; flow:established,to_server; content:"|3c 7c 7c 20 20|v"; startswith; content:"|20 7c 7c 3e|"; distance:0; content:"User Name|3a 20|"; content:"Windows OS|3a 20|"; content:"MassLogger Started|3a 20|"; content:"Interval|3a 20|"; content:"MassLogger Process|3a 20|"; fast_pattern; reference:md5,b044aefa2e42d7efadf53394442fcca6; classtype:trojan-activity; sid:2037021; rev:1; metadata:attack_target Client_Endpoint, created_at 2022_06_16, deployment Perimeter, malware_family Win32_MassLogger, performance_impact Low, confidence High, signature_severity Major, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2022_06_16;)
Jun 16, 2022, 12:00 PM
Jun 16, 2022, 12:00 PM
Sep 21, 2024, 3:00 AM
Sep 2, 2025, 9:35 PM
rules/emerging-malware.rules