ET DELETED Hash - Suspected Meterpreter Reverse Shell (ja3s) M1

SID: 2028829
Rev: 3
Source: et/open
Created: October 15, 2019
Updated: July 26, 2021
Classification: command-and-control
alert tls $EXTERNAL_NET any -> $HOME_NET any (msg:"ET DELETED Hash - Suspected Meterpreter Reverse Shell (ja3s) M1"; flow:established,from_server; ja3s.hash; content:"e35df3e00ca4ef31d42b34bebaa2f86e"; flowbits:isset,ET.meterpreter.ja3; classtype:command-and-control; sid:2028829; rev:3; metadata:affected_product Windows_XP_Vista_7_8_10_Server_32_64_Bit, attack_target Server, created_at 2019_10_15, deployment Perimeter, malware_family Meterpreter, signature_severity Major, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2021_07_26;)

Metadata

affected product: Windows_XP_Vista_7_8_10_Server_32_64_Bit
attack target: Server
created at: 2019_10_15
deployment: Perimeter
malware family: Meterpreter
signature severity: Major
tag: Description_Generated_By_Proofpoint_Nexus
updated at: 2021_07_26
