ET MALWARE Observed Buer Loader CnC Domain (kkjjhhdff .site in TLS SNI)

SID: 2029729Rev: 10 viewsHistory

Sourceet/open

CreatedMarch 23, 2020

UpdatedMarch 23, 2020

Classificationcommand-and-control

alert tls $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MALWARE Observed Buer Loader CnC Domain (kkjjhhdff .site in TLS SNI)"; flow:established,to_server; tls.sni; content:"kkjjhhdff.site"; bsize:14; reference:md5,797e835bae78cfcba5fef3d075a92599; reference:md5,d374419d6d9c9c968ece8a4e337515e0; reference:url,sysopfb.github.io/malware,/buer,/smokeloader/2020/03/18/SmokeLoader.html; classtype:command-and-control; sid:2029729; rev:1; metadata:attack_target Client_Endpoint, created_at 2020_03_23, deployment Perimeter, malware_family BuerLoader, performance_impact Low, confidence High, signature_severity Major, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2020_03_23, mitre_tactic_id TA0011, mitre_tactic_name Command_And_Control, mitre_technique_id T1071, mitre_technique_name Application_Layer_Protocol;)

References

md5	797e835bae78cfcba5fef3d075a92599 Google Search Brave Search
md5	d374419d6d9c9c968ece8a4e337515e0 Google Search Brave Search
url	sysopfb.github.io/malware

Metadata

attack targetClient_Endpoint

created at2020_03_23

deploymentPerimeter

malware familyBuerLoader

performance impactLow

confidenceHigh

signature severityMajor

tagDescription_Generated_By_Proofpoint_Nexus

updated at2020_03_23

mitre tactic idTA0011

mitre tactic nameCommand_And_Control

mitre technique idT1071

mitre technique nameApplication_Layer_Protocol

Comments (0)

Please sign in to leave a comment.

No comments yet. Be the first to comment!