ET MALWARE TA428 Infostealer CnC Host Checkin
Sourceet/open
CreatedOctober 1, 2020
UpdatedOctober 1, 2020
Classificationtargeted-activity
alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MALWARE TA428 Infostealer CnC Host Checkin"; flow:established,to_server; content:"|54 0b 54|"; offset:16; depth:3; fast_pattern; content:"|54 0b 54|"; distance:0; content:"|54 0b 54|"; distance:0; content:"|54 0b 54|"; distance:0; content:"|54 0b 54|"; distance:0; content:"|54 0b 54|"; distance:0; content:"|54 0b 54|"; distance:0; content:"|08 00|"; distance:0; content:"|01|"; endswith; reference:md5,a5a4046989fa0f99c2076aec3ea0ab2a; reference:url,vblocalhost.com/uploads/VB2020-20.pdf; classtype:targeted-activity; sid:2030939; rev:2; metadata:attack_target Client_Endpoint, created_at 2020_10_01, deployment Perimeter, performance_impact Moderate, confidence High, signature_severity Major, updated_at 2020_10_01;)
References
| md5 | a5a4046989fa0f99c2076aec3ea0ab2a |
| url | vblocalhost.com/uploads/VB2020-20.pdf |
Metadata
attack targetClient_Endpoint
created at2020_10_01
deploymentPerimeter
performance impactModerate
confidenceHigh
signature severityMajor
updated at2020_10_01
Comments (0)
Please sign in to leave a comment.
Sign inNo comments yet. Be the first to comment!