ET MALWARE QuickBooks Pop-Up Scam - Download Locations ResponseSource: et/open
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET MALWARE QuickBooks Pop-Up Scam - Download Locations Response"; flow:established,to_client; http.response_body; content:"|7b 22|status|22 3a|200|2c 22|message|22 3a 22|success|22 2c 22|response|22 3a 5b|"; startswith; fast_pattern; content:"software|5f|name|22 3a 22|QuickBooks|20|"; distance:0; reference:md5,2254df2f656b76071da28131b4eca9c4; reference:url,www.esentire.com/blog/threat-actors-using-fake-quickbooks-software-to-scam-organizations; classtype:command-and-control; sid:2049222; rev:1; metadata:attack_target Client_Endpoint, created_at 2023_11_16, deployment Perimeter, former_category MALWARE, performance_impact Low, confidence High, signature_severity Critical, updated_at 2023_11_16; target:dest_ip;)
Reference
md5Search Brave for 2254df2f656b76071da28131b4eca9c4
md5Search Google for 2254df2f656b76071da28131b4eca9c4
URLhttp://www.esentire.com/blog/threat-actors-using-fake-quickbooks-software-to-scam-organizations
Metadata
attack_targetClient_Endpoint
created_at2023_11_16
deploymentPerimeter
former_categoryMALWARE
performance_impactLow
confidenceHigh
signature_severityCritical
updated_at2023_11_16