ET MALWARE Win32/CrimsonRAT Variant Sending Command (inbound)

SID: 2035598Rev: 20 views
History
Sourceet/open
CreatedMarch 24, 2022
UpdatedMarch 16, 2023
Classificationtrojan-activity
alert tcp-pkt $EXTERNAL_NET 1024: -> $HOME_NET any (msg:"ET MALWARE Win32/CrimsonRAT Variant Sending Command (inbound)"; flow:established,to_client; dsize:<20; content:"|69 6e 66 32 6f 3d 63 6f 64 61 6e 64|"; fast_pattern; endswith; reference:md5,9bb081fb563b2905ea52e4b858d392ed; classtype:trojan-activity; sid:2035598; rev:2; metadata:attack_target Client_Endpoint, created_at 2022_03_24, deployment Perimeter, malware_family TransparentTribe, confidence High, signature_severity Major, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2023_03_16;)

References

md5
9bb081fb563b2905ea52e4b858d392ed
Google SearchBrave Search

Metadata

attack targetClient_Endpoint
created at2022_03_24
deploymentPerimeter
malware familyTransparentTribe
confidenceHigh
signature severityMajor
tagDescription_Generated_By_Proofpoint_Nexus
updated at2023_03_16

Comments (0)

Please sign in to leave a comment.
Sign in

No comments yet. Be the first to comment!