ET MALWARE [PTsecurity] Win32/TinyNuke Payload ACF40 Inbound

SID: 2024513Rev: 60 views
History
Sourceet/open
CreatedAugust 2, 2017
UpdatedAugust 17, 2020
Classificationtrojan-activity
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET MALWARE [PTsecurity] Win32/TinyNuke Payload ACF40 Inbound"; flow:established,to_client; flowbits:isset,ET.TinyNuke; http.stat_code; content:"200"; http.content_type; content:"text|2F|html"; startswith; file.data; byte_extract:8,896,byte0; byte_extract:8,904,byte1; byte_extract:8,912,byte2; byte_extract:8,920,byte3; byte_extract:8,928,byte4; byte_test:8,=,byte0,936; byte_test:8,!=,byte0,944; byte_test:8,=,byte1,944; byte_test:8,!=,byte1,952; byte_test:8,=,byte2,952; byte_test:8,!=,byte2,960; byte_test:8,=,byte3,960; byte_test:8,=,byte4,968; content:!"MZ"; depth:2; pcre:"/[\x80-\xff]{16}/"; reference:url,github.com/ptresearch/AttackDetection; classtype:trojan-activity; sid:2024513; rev:6; metadata:affected_product Windows_XP_Vista_7_8_10_Server_32_64_Bit, attack_target Client_Endpoint, created_at 2017_08_02, deployment Perimeter, malware_family TinyNuke, performance_impact Moderate, confidence High, signature_severity Major, updated_at 2020_08_17;)

References

urlgithub.com/ptresearch/AttackDetection

Metadata

affected productWindows_XP_Vista_7_8_10_Server_32_64_Bit
attack targetClient_Endpoint
created at2017_08_02
deploymentPerimeter
malware familyTinyNuke
performance impactModerate
confidenceHigh
signature severityMajor
updated at2020_08_17

Comments (0)

Please sign in to leave a comment.
Sign in

No comments yet. Be the first to comment!