ET MALWARE RShell Backdoor Keepalive

SID: 2038536Rev: 10 views
History
Sourceet/open
CreatedAugust 16, 2022
UpdatedAugust 16, 2022
Classificationcommand-and-control
alert tcp-pkt $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MALWARE RShell Backdoor Keepalive"; flow:established,to_server; dsize:25; content:"|19 00 00 00 02 74 79 70 65 00 0a 00 00 00 6b 65 65 70 61 6c 69 76 65 00 00|"; fast_pattern; threshold:type limit, track by_src, seconds 500, count 1; reference:url,blog.sekoia.io/luckymouse-uses-a-backdoored-electron-app-to-target-macos; reference:url,www.trendmicro.com/en_us/research/22/h/irontiger-compromises-chat-app-Mimi-targets-windows-mac-linux-users.html; classtype:command-and-control; sid:2038536; rev:1; metadata:attack_target Client_and_Server, created_at 2022_08_16, deployment Perimeter, performance_impact Low, confidence High, signature_severity Major, updated_at 2022_08_16;)

References

urlblog.sekoia.io/luckymouse-uses-a-backdoored-electron-app-to-target-macos
urlwww.trendmicro.com/en_us/research/22/h/irontiger-compromises-chat-app-Mimi-targets-windows-mac-linux-users.html

Metadata

attack targetClient_and_Server
created at2022_08_16
deploymentPerimeter
performance impactLow
confidenceHigh
signature severityMajor
updated at2022_08_16

Comments (0)

Please sign in to leave a comment.
Sign in

No comments yet. Be the first to comment!