ET MALWARE Bozok.RAT checkin

SID: 2018325
Rev: 3
Source: et/open
Created: March 26, 2014
Updated: July 26, 2019
Classification: command-and-control
alert tcp $HOME_NET any -> $EXTERNAL_NET 80 (msg:"ET MALWARE Bozok.RAT checkin"; flow:to_server; content:"|00 00 00|"; offset:1; depth:4; content:"|00 7C 00|"; within:32; content:"|00 7C 00|"; within:32; content:"|00 7C 00|"; within:64; content:"|00 7C 00|"; within:12; content:"|00 7C 00|"; within:5; content:"|00 7C 00|0|00 7c 00|2|00|"; within:32; reference:md5,a45d3564d1fa27161b33712f035a5962; reference:url,www.fireeye.com/blog/technical/2013/10/know-your-enemy-tracking-a-rapidly-evolving-apt-actor.html; classtype:command-and-control; sid:2018325; rev:3; metadata:created_at 2014_03_26, signature_severity Major, updated_at 2019_07_26;)

Metadata

created at: 2014_03_26
signature severity: Major
updated at: 2019_07_26
