Versions (3)
Version DetailsCurrent
Rev: 3 • Sep 26, 2023, 12:00 PMET MALWARE Possible ToneShell CnC Checkin M2
alert tcp-pkt $HOME_NET any -> $EXTERNAL_NET ![80,443,444,3128,4339,8001,8080,8443,9001,54443] (msg:"ET MALWARE Possible ToneShell CnC Checkin M2"; flow:established,to_server; dsize:<500; content:"|17 03 03|"; fast_pattern; startswith; byte_jump:2,0,relative,post_offset 31; isdataat:!2,relative; reference:url,www.trendmicro.com/en_us/research/22/k/earth-preta-spear-phishing-governments-worldwide.html; classtype:trojan-activity; sid:2048264; rev:3; metadata:affected_product Windows_XP_Vista_7_8_10_Server_32_64_Bit, created_at 2023_09_26, deployment Perimeter, deprecation_reason Performance, performance_impact Significant, confidence Low, signature_severity Major, updated_at 2023_09_28, reviewed_at 2023_09_27; target:src_ip;)
Sep 26, 2023, 12:00 PM
Sep 28, 2023, 12:00 PM
Sep 26, 2023, 9:00 PM
Sep 13, 2024, 3:01 PM
rules/emerging-malware.rules