ET MALWARE Bandok phoning home (xor by 0xe9 to decode)

SID: 2003936Rev: 40 views
History
Sourceet/open
CreatedJuly 30, 2010
UpdatedJuly 26, 2019
Classificationtrojan-activity
alert tcp $HOME_NET any -> $EXTERNAL_NET 1024:65535 (msg:"ET MALWARE Bandok phoning home (xor by 0xe9 to decode)"; flow:established,to_server; content:"|CF 8F 80 9B 9A 9D CF 95|"; depth:8; dsize:<80; reference:url,www.dshield.org/diary.html?date=2007-03-28; reference:url,www.secureworks.com/research/threats/bbbphish/?threat=bbbphish; classtype:trojan-activity; sid:2003936; rev:4; metadata:created_at 2010_07_30, confidence Medium, signature_severity Major, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2019_07_26;)

References

urlwww.dshield.org/diary.html?date=2007-03-28
urlwww.secureworks.com/research/threats/bbbphish/?threat=bbbphish

Metadata

created at2010_07_30
confidenceMedium
signature severityMajor
tagDescription_Generated_By_Proofpoint_Nexus
updated at2019_07_26

Comments (0)

Please sign in to leave a comment.
Sign in

No comments yet. Be the first to comment!