ET MALWARE Win32/MassLogger FTP Data Exfiltration

SID: 2037021Rev: 10 views
History
Sourceet/open
CreatedJune 16, 2022
UpdatedJune 16, 2022
Classificationtrojan-activity
alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MALWARE Win32/MassLogger FTP Data Exfiltration"; flow:established,to_server; content:"|3c 7c 7c 20 20|v"; startswith; content:"|20 7c 7c 3e|"; distance:0; content:"User Name|3a 20|"; content:"Windows OS|3a 20|"; content:"MassLogger Started|3a 20|"; content:"Interval|3a 20|"; content:"MassLogger Process|3a 20|"; fast_pattern; reference:md5,b044aefa2e42d7efadf53394442fcca6; classtype:trojan-activity; sid:2037021; rev:1; metadata:attack_target Client_Endpoint, created_at 2022_06_16, deployment Perimeter, malware_family Win32_MassLogger, performance_impact Low, confidence High, signature_severity Major, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2022_06_16;)

References

md5
b044aefa2e42d7efadf53394442fcca6
Google SearchBrave Search

Metadata

attack targetClient_Endpoint
created at2022_06_16
deploymentPerimeter
malware familyWin32_MassLogger
performance impactLow
confidenceHigh
signature severityMajor
tagDescription_Generated_By_Proofpoint_Nexus
updated at2022_06_16

Comments (0)

Please sign in to leave a comment.
Sign in

No comments yet. Be the first to comment!