EveBox Rules

🐾 - 🚨 RedLine Stealer 💀 communication to C2 - Leak 🚱Source: woundride/pawpatrules

alert tcp any any -> $EXTERNAL_NET any (msg:"🐾 - 🚨 RedLine Stealer 💀 communication to C2 - Leak 🚱"; flow:to_server, stateless; content:"|68 74 74 70 3a 2f 2f 74 65 6d 70 75 72 69 2e 6f 72 67 2f|"; content:"|40 0d 41 75 74 68 6f 72 69 7a 61 74 69 6f 6e 08 03 6e 73 31|"; fast_pattern; reference:url,https://malpedia.caad.fkie.fraunhofer.de/details/win.redline_stealer; reference:url,https://twitter.com/Jane_0sint/status/1663543454092386307?s=20; reference:url,https://www.bitdefender.com/files/News/CaseStudies/study/415/Bitdefender-PR-Whitepaper-RedLine-creat6109-en-EN.pdf; target:src_ip; metadata:affected_product Windows_XP_Vista_7_8_10_11_Server_32_64_Bit, attack_target Client_Endpoint, created_at 2023_11_18, updated_at 2023_11_18; sid:3301090; rev:1; classtype:trojan-activity;)

Reference
URL	https://malpedia.caad.fkie.fraunhofer.de/details/win.redline_stealer
URL	https://twitter.com/Jane_0sint/status/1663543454092386307?s=20
URL	https://www.bitdefender.com/files/News/CaseStudies/study/415/Bitdefender-PR-Whitepaper-RedLine-creat6109-en-EN.pdf

Metadata
affected_product	Windows_XP_Vista_7_8_10_11_Server_32_64_Bit
attack_target	Client_Endpoint
created_at	2023_11_18
updated_at	2023_11_18