ET MALWARE Perfect Keylogger FTP Initial Install Log Upload (Null obfuscated)

SID: 2008327Rev: 20 viewsHistory

Sourceet/open

CreatedJuly 30, 2010

UpdatedJuly 26, 2019

Classificationtrojan-activity

alert tcp $HOME_NET any -> $EXTERNAL_NET 1024: (msg:"ET MALWARE Perfect Keylogger FTP Initial Install Log Upload (Null obfuscated)"; flow:established,to_server; content:"C|00|o|00|n|00|g|00|r|00|a|00|t|00|u|00|l|00|a|00|t|00|i|00|o|00|n|00|s|00|!|00| |00|P|00|e|00|r|00|f|00|e|00|c|00|t|00| |00|K|00|e|00|l|00|o|00|g|00|g|00|e|00|r|00| |00|w|00|a|00|s|00| |00|s|00|u|00|c|00|c|00|e|00|s|00|s|00|f|00|u|00|l|00|l|00|y|00| |00|i|00|n|00|s|00|t|00|a|00|l|00|l|00|e|00|d|00|"; classtype:trojan-activity; sid:2008327; rev:2; metadata:created_at 2010_07_30, confidence High, signature_severity Major, updated_at 2019_07_26, mitre_tactic_id TA0005, mitre_tactic_name Defense_Evasion, mitre_technique_id T1027, mitre_technique_name Obfuscated_Files_or_Information;)

Metadata

created at2010_07_30

confidenceHigh

signature severityMajor

updated at2019_07_26

mitre tactic idTA0005

mitre tactic nameDefense_Evasion

mitre technique idT1027

mitre technique nameObfuscated_Files_or_Information

Comments (0)

Please sign in to leave a comment.

No comments yet. Be the first to comment!