ET MALWARE Foudre Checkin M4

SID: 2031418Rev: 10 viewsHistory

Sourceet/open

CreatedDecember 16, 2020

UpdatedDecember 16, 2020

Classificationcommand-and-control

alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MALWARE Foudre Checkin M4"; flow:established,to_server; http.method; content:"POST"; http.uri; content:"/en/?2"; startswith; fast_pattern; http.host; pcre:"/^[a-f0-9]{8}\.(?:s(?:pac|it)e|net|top)$/Wm"; http.request_body; content:"f="; startswith; content:"&c="; distance:0; content:"&u="; distance:0; content:"&v="; distance:0; content:"&s="; distance:0; content:"&mi="; distance:0; content:"&t="; distance:0; content:"&txt="; distance:0; content:"&e=EOF"; endswith; reference:url,twitter.com/ShadowChasing1/status/1339190981703266304; reference:md5,2d459929135993959cacceb0dd81a813; reference:md5,d01bcca6255a4f062fc59a014f407532; classtype:command-and-control; sid:2031418; rev:1; metadata:attack_target Client_Endpoint, created_at 2020_12_16, deployment Perimeter, performance_impact Low, confidence High, signature_severity Major, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2020_12_16;)

References

url	twitter.com/ShadowChasing1/status/1339190981703266304
md5	2d459929135993959cacceb0dd81a813 Google Search Brave Search
md5	d01bcca6255a4f062fc59a014f407532 Google Search Brave Search

Metadata

attack targetClient_Endpoint

created at2020_12_16

deploymentPerimeter

performance impactLow

confidenceHigh

signature severityMajor

tagDescription_Generated_By_Proofpoint_Nexus

updated at2020_12_16

Comments (0)

Please sign in to leave a comment.

No comments yet. Be the first to comment!