ET MALWARE Netwire RAT Check-in

SID: 2018427Rev: 62 views
History
Sourceet/open
CreatedApril 28, 2014
UpdatedAugust 9, 2022
Classificationtrojan-activity
alert tcp $EXTERNAL_NET ![22,23,25,80,139,443,445] -> $HOME_NET any (msg:"ET MALWARE Netwire RAT Check-in"; flow:established,to_client; stream_size:server,<,72; dsize:69; content:"|41 00 00 00 05|"; depth:5; flowbits:isset,ET.NetwireRAT.Client; reference:url,www.circl.lu/pub/tr-23/; reference:url,unit42.paloaltonetworks.com/new-release-decrypting-netwire-c2-traffic/; classtype:trojan-activity; sid:2018427; rev:6; metadata:attack_target Client_Endpoint, created_at 2014_04_28, deployment Perimeter, malware_family Netwire_RAT, signature_severity Major, updated_at 2022_08_09, reviewed_at 2024_03_06;)

References

urlwww.circl.lu/pub/tr-23/
urlunit42.paloaltonetworks.com/new-release-decrypting-netwire-c2-traffic/

Metadata

attack targetClient_Endpoint
created at2014_04_28
deploymentPerimeter
malware familyNetwire_RAT
signature severityMajor
updated at2022_08_09
reviewed at2024_03_06

Comments (0)

Please sign in to leave a comment.
Sign in

No comments yet. Be the first to comment!