Versions (3)
Version DetailsCurrent
Rev: 3 • Dec 28, 2023, 12:00 PMET MALWARE Suspected FIN7/Carbanak Related Payload C2 Downloader (GET)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MALWARE Suspected FIN7/Carbanak Related Payload C2 Downloader (GET)"; flow:established,to_server; http.method; content:"GET"; http.uri; content:"?av="; offset:74; content:"&domain="; fast_pattern; content:"&os="; content:"&m="; http.header_names; content:!"|0d 0a|User-Agent|0d 0a|"; nocase; classtype:trojan-activity; sid:2049867; rev:3; metadata:attack_target Client_Endpoint, created_at 2023_12_28, deployment Perimeter, performance_impact Moderate, confidence Medium, signature_severity Critical, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2024_04_18; target:src_ip;)
Dec 28, 2023, 12:00 PM
Apr 18, 2024, 12:00 PM
Dec 28, 2023, 10:00 PM
Aug 15, 2025, 8:34 PM
rules/emerging-malware.rules