ET MALWARE Suspected Stitch Variant Backdoor CnC

SID: 2029794Rev: 21 viewsHistory

Sourceet/open

CreatedApril 2, 2020

UpdatedSeptember 9, 2021

Classificationcommand-and-control

alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MALWARE Suspected Stitch Variant Backdoor CnC"; flow:established,to_server; content:"|00 00 00 0f|stitch626hctits"; fast_pattern; content:!"Referer|3a 20|"; content:!"User-Agent|3a 20|"; content:!"Connection|3a 20|"; content:!"Host|3a 20|"; content:!"Keep-Alive:|3a 20|"; reference:url,securelist.com/holy-water-ongoing-targeted-water-holing-attack-in-asia/96311/; reference:md5,ec993ff561cbc175953502452bfa554a; classtype:command-and-control; sid:2029794; rev:2; metadata:attack_target Client_Endpoint, created_at 2020_04_02, deployment Perimeter, malware_family Stitch, performance_impact Low, confidence Medium, signature_severity Major, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2021_09_09;)

References

url	securelist.com/holy-water-ongoing-targeted-water-holing-attack-in-asia/96311/
md5	ec993ff561cbc175953502452bfa554a Google Search Brave Search

Metadata

attack targetClient_Endpoint

created at2020_04_02

deploymentPerimeter

malware familyStitch

performance impactLow

confidenceMedium

signature severityMajor

tagDescription_Generated_By_Proofpoint_Nexus

updated at2021_09_09

Comments (0)

Please sign in to leave a comment.

No comments yet. Be the first to comment!