Versions (3)
Version Details
Current
Rev: 1 • Mar 17, 2023, 12:00 PM
ET MALWARE Golang/Linux Kaiji Variant Activity
alert tcp-pkt $HOME_NET any -> $EXTERNAL_NET 1024: (msg:"ET MALWARE Golang/Linux Kaiji Variant Activity"; flow:established,to_server; dsize:200<>260; content:"|5e 57 26 61 37 72 25 38 67 50 33 71 38 49 6e 6d 70 42 52 63 25 73 67 43 64 6f 7a 54 74 32 34 72 66 69 32 58 35 45 38 54 6b 75 48 23 5a 30 4d 35 57 45|"; startswith; fast_pattern; reference:md5,69eb788e6982a765472eb77c5c697688; reference:md5,630a21057c70a10fcf1162846d05e245; reference:md5,416e1a8b5b998a8290abe090a5e5ece8; reference:url,twitter.com/suyog41/status/1636329384947720196; classtype:trojan-activity; sid:2044667; rev:1; metadata:attack_target Linux_Unix, created_at 2023_03_17, deployment Perimeter, performance_impact Low, confidence Medium, signature_severity Major, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2023_03_17; target:src_ip;)
Mar 17, 2023, 12:00 PM
Mar 17, 2023, 12:00 PM
Mar 17, 2023, 9:00 PM
Aug 25, 2025, 9:35 PM
rules/emerging-malware.rules