ET MALWARE nspps Backdoor - Sending SOCKS Details - Suricata Rule 2030109 (et/open)

ET MALWARE nspps Backdoor - Sending SOCKS Details

SID: 2030109Rev: 10 viewsHistory

Sourceet/open

CreatedMay 5, 2020

UpdatedMay 5, 2020

Classificationcommand-and-control

alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MALWARE nspps Backdoor - Sending SOCKS Details"; flow:established,to_server; http.start; content:"POST /s HTTP/1.1|0d 0a|"; http.request_body; content:"|57 7a 74 47 8c 44 c8 7c ed|"; startswith; fast_pattern; reference:url,ironnet.com/blog/malware-analysis-nspps-a-go-rat-backdoor/; reference:md5,435716b4f56cf94fdb7f6085dced41e5; classtype:command-and-control; sid:2030109; rev:1; metadata:attack_target Client_Endpoint, created_at 2020_05_05, deployment Perimeter, confidence Medium, signature_severity Major, updated_at 2020_05_05;)

References

url	ironnet.com/blog/malware-analysis-nspps-a-go-rat-backdoor/
md5	435716b4f56cf94fdb7f6085dced41e5 Google Search Brave Search

Metadata

attack targetClient_Endpoint

created at2020_05_05

deploymentPerimeter

confidenceMedium

signature severityMajor

updated at2020_05_05

Comments (0)

Please sign in to leave a comment.

No comments yet. Be the first to comment!