ET MALWARE SNIcat - Detected C2 Commands (LIST) - Suricata Rule 2033800 (et/open)

ET MALWARE SNIcat - Detected C2 Commands (LIST)

SID: 2033800Rev: 30 viewsHistory

Sourceet/open

CreatedAugust 26, 2021

UpdatedMay 3, 2022

Classificationcommand-and-control

alert tls $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MALWARE SNIcat - Detected C2 Commands (LIST)"; flow:established,to_server; tls.sni; content:"LIST-"; startswith; fast_pattern; pcre:"/^LIST-[A-Za-z0-9]{16}\./"; reference:url,mnemonic.no/blog/introducing-snicat/; reference:url,github.com/mnemonic-no/SNIcat/blob/master/signatures/snicat.rules; classtype:command-and-control; sid:2033800; rev:3; metadata:affected_product Windows_XP_Vista_7_8_10_Server_32_64_Bit, attack_target Client_Endpoint, created_at 2021_08_26, deployment Perimeter, deployment SSLDecrypt, confidence High, signature_severity Major, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2022_05_03;)

References

url	mnemonic.no/blog/introducing-snicat/
url	github.com/mnemonic-no/SNIcat/blob/master/signatures/snicat.rules

Metadata

affected productWindows_XP_Vista_7_8_10_Server_32_64_Bit

attack targetClient_Endpoint

created at2021_08_26

deploymentSSLDecrypt

confidenceHigh

signature severityMajor

tagDescription_Generated_By_Proofpoint_Nexus

updated at2022_05_03

Comments (0)

Please sign in to leave a comment.

No comments yet. Be the first to comment!