ET MALWARE Win32/Formgrabber Data Exfil

SID: 2024781
Rev: 3
Source: et/open
Created: September 28, 2017
Updated: August 12, 2020
Classification: trojan-activity
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MALWARE Win32/Formgrabber Data Exfil"; flow:established,to_server; http.method; content:"POST"; http.uri; content:".php"; http.request_body; content:"c="; depth:2; content:"&v="; distance:0; content:"&h="; distance:0; content:"&t="; fast_pattern; distance:0; pcre:"/^c=[A-F0-9]{10,}&v=[^&]+&h=[^&]+&t=[0-9]$/si"; http.header_names; content:!"Referer|0d 0a|"; reference:md5,cb066c5625aa85957d6b8d4caef4e497; reference:url,thisissecurity.stormshield.com/2017/09/28/analyzing-form-grabber-malware-targeting-browsers; classtype:trojan-activity; sid:2024781; rev:3; metadata:created_at 2017_09_28, malware_family Win32_Formgrabber, confidence High, signature_severity Major, updated_at 2020_08_12;)

Metadata

created at: 2017_09_28
malware family: Win32_Formgrabber
confidence: High
signature severity: Major
updated at: 2020_08_12
