Versions (4)
Version DetailsCurrent
Rev: 2 • Aug 11, 2023, 12:00 PMET MALWARE MacOS/Adload CnC Beacon
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MALWARE MacOS/Adload CnC Beacon"; flow:established,to_server; http.method; content:"POST"; http.uri; content:"/a/rep"; bsize:6; fast_pattern; http.host; content:"m."; startswith; http.user_agent; content:"|20 28|unknown|20|version|29 20|CFNetwork|2f|"; http.content_type; content:"charset=utf-8"; bsize:13; http.request_body; content:"smc"; startswith; content:"$"; distance:7; within:1; isdataat:200,relative; threshold:type limit, count 1, seconds 600, track by_dst; reference:url,cybersecurity.att.com/blogs/labs-research/mac-systems-turned-into-proxy-exit-nodes-by-adload; classtype:trojan-activity; sid:2047628; rev:2; metadata:affected_product Mac_OSX, attack_target Client_Endpoint, created_at 2023_08_11, deployment Perimeter, malware_family Adload, confidence High, signature_severity Critical, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2023_08_28;)
Aug 11, 2023, 12:00 PM
Aug 28, 2023, 12:00 PM
Sep 21, 2024, 3:00 AM
Aug 19, 2025, 9:35 PM
rules/emerging-malware.rules