Versions (2)
Version Details (Current)
Rev: 6 • Jun 6, 2023, 12:00 PM
🐾 - 🚨 RedLine Stealer 💀 establishing communication to C2 - Leak 🚱
alert tcp any any -> $EXTERNAL_NET any (msg:"🐾 - 🚨 RedLine Stealer 💀 establishing communication to C2 - Leak 🚱"; flow:to_server, stateless; content:"|24 68 74 74 70 3a 2f 2f|"; content:"|2f 4d 53 56 61 6c 75 65|"; content:"|4d 53 56 61 6c 75 65|"; content:"|56 02 0b 01 73 04 0b 01 61 06 56 08 44 0a|"; fast_pattern; reference:url,https://malpedia.caad.fkie.fraunhofer.de/details/win.redline_stealer; reference:url,https://twitter.com/Jane_0sint/status/1663543454092386307?s=20; reference:url,https://www.bitdefender.com/files/News/CaseStudies/study/415/Bitdefender-PR-Whitepaper-RedLine-creat6109-en-EN.pdf; target:src_ip; metadata:affected_product Windows_XP_Vista_7_8_10_11_Server_32_64_Bit, attack_target Client_Endpoint, created_at 2023_06_06, updated_at 2024_07_14; sid:3300725; rev:6; classtype:credential-theft;)
Jun 6, 2023, 12:00 PM
Jul 14, 2024, 12:00 PM
Feb 21, 2024, 4:00 PM
May 29, 2025, 11:12 PM
rules/PAW-PATRULES_MALWARES.rules