ET MALWARE Executable contained in DICOM Medical Image SMB File Transfer

SID: 2027402Rev: 11 views
History
Sourceet/open
CreatedMay 31, 2019
UpdatedJuly 26, 2019
Classificationtrojan-activity
alert tcp any any -> $HOME_NET 445 (msg:"ET MALWARE Executable contained in DICOM Medical Image SMB File Transfer"; flow:established,to_server; flowbits:isset,ET.smb.binary; content:"SMB"; depth:8; content:"MZ"; distance:0; content:"DICM"; fast_pattern; distance:126; within:4; reference:url,github.com/d00rt/pedicom/; reference:url,labs.cylera.com/2019/04/16/pe-dicom-medical-malware/; classtype:trojan-activity; sid:2027402; rev:1; metadata:affected_product Windows_Client_Apps, attack_target Client_Endpoint, created_at 2019_05_31, deployment Internal, confidence Medium, signature_severity Major, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2019_07_26;)

References

urlgithub.com/d00rt/pedicom/
urllabs.cylera.com/2019/04/16/pe-dicom-medical-malware/

Metadata

affected productWindows_Client_Apps
attack targetClient_Endpoint
created at2019_05_31
deploymentInternal
confidenceMedium
signature severityMajor
tagDescription_Generated_By_Proofpoint_Nexus
updated at2019_07_26

Comments (0)

Please sign in to leave a comment.
Sign in

No comments yet. Be the first to comment!