ET MALWARE ELF/Facefish Session Closing (400)

SID: 2033112
Rev: 3
Source: et/open
Created: June 7, 2021
Updated: April 17, 2023
Classification: trojan-activity
alert tcp-pkt $HOME_NET any -> $EXTERNAL_NET 443 (msg:"ET MALWARE ELF/Facefish Session Closing (400)"; flow:established,to_server; flowbits:isset,ET.facefish; dsize:8; content:"|00 00 00 04 00 00 00 00|"; reference:url,blog.netlab.360.com/ssh_stealer_facefish_en; reference:md5,38fb322cc6d09a6ab85784ede56bc5a7; reference:md5,63dc3037bf0022e2d281f0463529bf60; classtype:trojan-activity; sid:2033112; rev:3; metadata:affected_product Mac_OSX, affected_product Linux, attack_target Client_Endpoint, created_at 2021_06_07, deployment Perimeter, malware_family ELF_Facefish, confidence Medium, signature_severity Major, tag RAT, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2023_04_17;)

References

url: blog.netlab.360.com/ssh_stealer_facefish_en
md5: 38fb322cc6d09a6ab85784ede56bc5a7
md5: 63dc3037bf0022e2d281f0463529bf60

Metadata

affected product: Linux
attack target: Client_Endpoint
created at: 2021_06_07
deployment: Perimeter
malware family: ELF_Facefish
confidence: Medium
signature severity: Major
tag: Description_Generated_By_Proofpoint_Nexus
updated at: 2023_04_17
