Versions (3)
Version DetailsCurrent
Rev: 1 • Jun 10, 2024, 12:00 PMET MALWARE ClearFake User-Agent Observed
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MALWARE ClearFake User-Agent Observed"; flow:established,to_server; http.user_agent; bsize:112; content:"Mozilla|2f|5|2e|0|20 28|Windows|20|NT|20|10|2e|0|3b 20|Win64|3b 20|x64|29 20|AppleWebKit|2f|537|2e|36|20 28|KHTML|2c 20|like|20|Gecko|29 20|Chrome|2f|0x17000000|20|Safari|2f|537|2e|36"; reference:md5,b3b735852084909f82121fd6fbbdeb68; classtype:trojan-activity; sid:2053417; rev:1; metadata:attack_target Client_Endpoint, tls_state TLSDecrypt, created_at 2024_06_10, deployment Perimeter, deployment SSLDecrypt, malware_family ClearFake, confidence Medium, signature_severity Major, tag c2, tag compromised_website, updated_at 2024_06_10, mitre_tactic_id TA0011, mitre_tactic_name Command_And_Control, mitre_technique_id T1071, mitre_technique_name Application_Layer_Protocol;)
Jun 10, 2024, 12:00 PM
Jun 10, 2024, 12:00 PM
Jun 10, 2024, 9:00 PM
Jun 10, 2024, 9:00 PM
rules/emerging-malware.rules