Versions (4)
Version DetailsCurrent
Rev: 1 • Mar 8, 2024, 12:00 PMET MALWARE Magnet Goblin Linux Nerbian RAT Trigger Sequence from CnC Server
alert tcp-pkt $EXTERNAL_NET any -> $HOME_NET any (msg:"ET MALWARE Magnet Goblin Linux Nerbian RAT Trigger Sequence from CnC Server"; flow:established, to_client; content:"4r3f0"; startswith; fast_pattern; reference:url,research.checkpoint.com/2024/magnet-goblin-targets-publicly-facing-servers-using-1-day-vulnerabilities/; classtype:trojan-activity; sid:2051561; rev:1; metadata:affected_product Linux, attack_target Linux_Unix, tls_state plaintext, created_at 2024_03_08, deployment Perimeter, malware_family Nerbian_RAT_Linux, malware_family Magnet_Goblin, performance_impact Low, confidence High, signature_severity Major, tag Nerbian_RAT_Linux, tag Magnet_Goblin, updated_at 2024_03_08, reviewed_at 2025_07_14;)
Mar 8, 2024, 12:00 PM
Mar 8, 2024, 12:00 PM
Sep 21, 2024, 3:00 AM
Jul 14, 2025, 9:34 PM
rules/emerging-malware.rules