ET MALWARE FTP File Upload - BlackPOS Naming Scheme - Suricata Rule 2018115 (et/open)

ET MALWARE FTP File Upload - BlackPOS Naming Scheme

SID: 2018115Rev: 10 viewsHistory

Sourceet/open

CreatedFebruary 12, 2014

UpdatedJuly 26, 2019

Classificationtrojan-activity

alert tcp $HOME_NET any -> $EXTERNAL_NET 21 (msg:"ET MALWARE FTP File Upload - BlackPOS Naming Scheme"; flow:established,to_server; content:"STOR "; depth:5; content:".txt"; pcre:"/data_\d{4}_\d{1,2}_\d{1,2}_\d{1,2}_\d{1,2}\.txt/"; reference:url,www.cyphort.com/blog/cyphort-tracks-down-new-variants-of-target-malware/; classtype:trojan-activity; sid:2018115; rev:1; metadata:created_at 2014_02_12, signature_severity Major, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2019_07_26;)

References

url	www.cyphort.com/blog/cyphort-tracks-down-new-variants-of-target-malware/

Metadata

created at2014_02_12

signature severityMajor

tagDescription_Generated_By_Proofpoint_Nexus

updated at2019_07_26

Comments (0)

Please sign in to leave a comment.

No comments yet. Be the first to comment!