Versions (3)
Version DetailsCurrent
Rev: 1 • Jan 24, 2024, 12:00 PMET MALWARE [ANY.RUN] RadX RAT Check-In (POST)
alert http $HOME_NET any -> $EXTERNAL_NET 1024: (msg:"ET MALWARE [ANY.RUN] RadX RAT Check-In (POST)"; flow:established,to_server; http.method; content:"POST"; http.uri; content:"/add_user"; endswith; fast_pattern; http.content_type; content:"application/json|3b 20|charset=utf-8"; bsize:31; http.header_names; content:!"User-Agent"; content:!"Referer"; content:!"Accept"; http.request_body; content:"|22|video_card|22 3a 22|"; content:"|22|windows_version|22 3a 22|"; content: "|22|processor|22 3a 22|"; content:"|22|ram|22 3a|"; content:!"|22|"; within:1; reference:md5,f0bc8d8a0ecd2ff441c9a24f907bd9db; reference:url,app.any.run/tasks/4fdde064-e353-4325-81ef-d85b22ee0f90; classtype:trojan-activity; sid:2050419; rev:1; metadata:attack_target Client_Endpoint, created_at 2024_01_24, deployment Perimeter, confidence High, signature_severity Critical, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2024_01_24, reviewed_at 2024_03_25; target:src_ip;)
Jan 24, 2024, 12:00 PM
Jan 24, 2024, 12:00 PM
Jan 24, 2024, 11:00 PM
Aug 14, 2025, 9:34 PM
rules/emerging-malware.rules