ET MALWARE BlackTech FlagPro Dropper Activity (GET)

SID: 2036309Rev: 31 views
History
Sourceet/open
CreatedJuly 15, 2021
UpdatedMarch 24, 2023
Classificationtrojan-activity
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MALWARE BlackTech FlagPro Dropper Activity (GET)"; flow:established,to_server; http.method; content:"GET"; http.uri; content:".htmld?flag"; fast_pattern; pcre:"/^(?:pro)?=(?:[A-Za-z0-9+/]{4})*(?:[A-Za-z0-9+/]{2}==|[A-Za-z0-9+/]{3}=|[A-Za-z0-9+/]{4})$/R"; http.header_names; content:!"Referer"; reference:md5,1b39dcc5de43d2840d6992a561e34eec; reference:url,twitter.com/GlobalNTT_JP/status/1517061187107946496; classtype:trojan-activity; sid:2036309; rev:3; metadata:attack_target Client_Endpoint, created_at 2021_07_15, deployment Perimeter, malware_family BlackTech, performance_impact Low, confidence High, signature_severity Major, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2023_03_24;)

References

md5
1b39dcc5de43d2840d6992a561e34eec
Google SearchBrave Search
urltwitter.com/GlobalNTT_JP/status/1517061187107946496

Metadata

attack targetClient_Endpoint
created at2021_07_15
deploymentPerimeter
malware familyBlackTech
performance impactLow
confidenceHigh
signature severityMajor
tagDescription_Generated_By_Proofpoint_Nexus
updated at2023_03_24

Comments (0)

Please sign in to leave a comment.
Sign in

No comments yet. Be the first to comment!