Versions (3)
Version Details
Current
Rev: 1 • Aug 16, 2023, 12:00 PM
ET MALWARE Win32/TA402 CnC Response M2
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET MALWARE Win32/TA402 CnC Response M2"; flow:established,to_client; http.stat_code; content:"200"; http.response_body; content:"|3c|html|3e 0d 0a 3c|head|3e 3c|title|3e|Response|3c 2f|title|3e 3c 2f|head|3e 0d 0a 3c|body|3e 0d 0a 3c|code|20|id|3d 22|code|22 3e|"; startswith; fast_pattern; classtype:trojan-activity; sid:2049155; rev:1; metadata:attack_target Client_and_Server, created_at 2023_08_16, deployment Perimeter, deployment SSLDecrypt, malware_family Win32_TA402, performance_impact Low, confidence High, signature_severity Critical, tag TA402, updated_at 2023_11_13, reviewed_at 2023_08_16, former_sid 2855111; target:src_ip;)
Aug 16, 2023, 12:00 PM
Nov 13, 2023, 12:00 PM
Nov 13, 2023, 10:00 PM
Sep 13, 2024, 12:00 AM
rules/emerging-malware.rules