ET MALWARE Executable contained in DICOM Medical Image PACS DICOM Protocol Transfer

SID: 2027403Rev: 10 views
History
Sourceet/open
CreatedMay 31, 2019
UpdatedJuly 26, 2019
Classificationtrojan-activity
alert tcp any any -> $HOME_NET [104,2104,22104] (msg:"ET MALWARE Executable contained in DICOM Medical Image PACS DICOM Protocol Transfer"; flow:established,to_client; content:"MZ"; within:2; byte_jump:4,58,relative,little; content:"PE|00 00|"; distance:-64; within:4; content:"DICM"; offset:128; depth:4; fast_pattern; reference:url,github.com/d00rt/pedicom/; reference:url,labs.cylera.com/2019/04/16/pe-dicom-medical-malware/; classtype:trojan-activity; sid:2027403; rev:1; metadata:affected_product Windows_Client_Apps, attack_target Client_Endpoint, created_at 2019_05_31, deployment Internal, confidence Medium, signature_severity Major, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2019_07_26;)

References

urlgithub.com/d00rt/pedicom/
urllabs.cylera.com/2019/04/16/pe-dicom-medical-malware/

Metadata

affected productWindows_Client_Apps
attack targetClient_Endpoint
created at2019_05_31
deploymentInternal
confidenceMedium
signature severityMajor
tagDescription_Generated_By_Proofpoint_Nexus
updated at2019_07_26

Comments (0)

Please sign in to leave a comment.
Sign in

No comments yet. Be the first to comment!