Versions (2)
Version DetailsCurrent
Rev: 1 • May 21, 2024, 12:00 PMET MALWARE Winnti CnC Activity (Inbound)
alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"ET MALWARE Winnti CnC Activity (Inbound)"; flow:established,to_client; content:"|38 34 38 39 32 33 4a 4e 4e 57 57 41|"; offset:4; depth:12; reference:url,twitter.com/naumovax/status/1792902386295394629; classtype:trojan-activity; sid:2052805; rev:1; metadata:affected_product Windows_XP_Vista_7_8_10_Server_32_64_Bit, attack_target Client_Endpoint, tls_state plaintext, created_at 2024_05_21, deployment Perimeter, malware_family Winnti, confidence High, signature_severity Critical, updated_at 2024_05_21;)
May 21, 2024, 12:00 PM
May 21, 2024, 12:00 PM
May 21, 2024, 10:00 PM
May 21, 2024, 10:00 PM
rules/emerging-malware.rules