ET MALWARE Py/MechaFlounder CnC Activity - Reporting Upload Command Error - Suricata Rule 2027052 (et/open)

ET MALWARE Py/MechaFlounder CnC Activity - Reporting Upload Command Error

SID: 2027052Rev: 17 viewsHistory

Sourceet/open

CreatedMarch 6, 2019

UpdatedJuly 26, 2019

Classificationcommand-and-control

alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MALWARE Py/MechaFlounder CnC Activity - Reporting Upload Command Error"; flow:established,to_server; content:!"HTTP|2f|"; content:"2A2A75706C6F6164206661696C65642C"; fast_pattern; reference:url,unit42.paloaltonetworks.com/new-python-based-payload-mechaflounder-used-by-chafer/; classtype:command-and-control; sid:2027052; rev:1; metadata:affected_product Windows_XP_Vista_7_8_10_Server_32_64_Bit, attack_target Client_and_Server, created_at 2019_03_06, deployment Perimeter, malware_family MechaFlounder, performance_impact Low, confidence High, signature_severity Major, tag APT, tag Chafer, tag Python, updated_at 2019_07_26;)

References

url	unit42.paloaltonetworks.com/new-python-based-payload-mechaflounder-used-by-chafer/

Metadata

affected productWindows_XP_Vista_7_8_10_Server_32_64_Bit

attack targetClient_and_Server

created at2019_03_06

deploymentPerimeter

malware familyMechaFlounder

performance impactLow

confidenceHigh

signature severityMajor

tagPython

updated at2019_07_26

Comments (0)

Please sign in to leave a comment.

No comments yet. Be the first to comment!