Versions (3)
Version DetailsCurrent
Rev: 1 • Jul 19, 2024, 12:00 PMET MALWARE Win32/Kryptik_AGen.DOP C2 Checkin
alert tcp-pkt $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MALWARE Win32/Kryptik_AGen.DOP C2 Checkin"; flow:established,to_server; dsize:<30; content:"|b7|"; startswith; content:"|b6 ec e0 ec|"; endswith; fast_pattern; threshold:type limit, seconds 30, count 1, track by_src; reference:md5,c8e6cd1fb6f5dfe1ab548024a7f67043; classtype:command-and-control; sid:2054620; rev:1; metadata:attack_target Client_Endpoint, created_at 2024_07_19, deployment Perimeter, malware_family Win32_Kryptik_AGen_DOP, confidence High, signature_severity Major, tag c2, updated_at 2024_07_19, mitre_tactic_id TA0010, mitre_tactic_name Exfiltration, mitre_technique_id T1041, mitre_technique_name Exfiltration_Over_C2_Channel;)
Jul 19, 2024, 12:00 PM
Jul 19, 2024, 12:00 PM
Sep 21, 2024, 3:00 AM
Sep 21, 2024, 3:00 AM
rules/emerging-malware.rules