Versions (2)
Version DetailsCurrent
Rev: 1 • Jul 5, 2024, 12:00 PMET MALWARE Win32/Cryptbotv2 CnC Activity (POST) M4
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MALWARE Win32/Cryptbotv2 CnC Activity (POST) M4"; flow:established,to_server; urilen:<15; http.method; content:"POST"; http.uri; content:"/upload.php"; endswith; fast_pattern; http.header_names; content:!"|0d 0a|Referer|0d 0a|"; nocase; http.request_body; content:"filename=|22|"; content:"|2e|bin|22 0d 0a|"; reference:url,community.emergingthreats.net/t/cryptbot-stealer-update-on-rules/790/3; classtype:trojan-activity; sid:2054350; rev:1; metadata:affected_product Windows_XP_Vista_7_8_10_Server_32_64_Bit, attack_target Client_Endpoint, tls_state plaintext, created_at 2024_07_05, deployment Perimeter, malware_family Cryptbot, performance_impact Moderate, confidence High, signature_severity Critical, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2024_07_05;)
Jul 5, 2024, 12:00 PM
Jul 5, 2024, 12:00 PM
Jul 5, 2024, 10:01 PM
Aug 11, 2025, 10:35 PM
rules/emerging-malware.rules