ET MALWARE Win32/CrimsonRAT Activity (Outbound)

SID: 2044148Rev: 15 viewsHistory

Sourceet/open

CreatedFebruary 8, 2023

UpdatedFebruary 8, 2023

Classificationtrojan-activity

alert tcp-pkt $HOME_NET any -> $EXTERNAL_NET 1024: (msg:"ET MALWARE Win32/CrimsonRAT Activity (Outbound)"; flow:established,to_server; dsize:100<>150; content:"|00 00 00 00|"; offset:1; depth:4; content:"|79 32|"; distance:2; within:2; content:"|3d|"; distance:2; within:3; content:"|7c 7c|"; distance:0; content:"|3e|"; distance:1; within:1; content:"|7c 7c 43 3a 5c 55 73 65 72 73 5c|"; distance:12; within:11; fast_pattern; reference:md5,e55e497ceadd037254e847187b6996da; reference:url,twitter.com/RedDrip7/status/1622908094606094338; classtype:trojan-activity; sid:2044148; rev:1; metadata:attack_target Client_Endpoint, created_at 2023_02_08, deployment Perimeter, malware_family CrimsonRAT, performance_impact Significant, confidence High, signature_severity Major, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2023_02_08; target:src_ip;)

References

md5	e55e497ceadd037254e847187b6996da Google Search Brave Search
url	twitter.com/RedDrip7/status/1622908094606094338

Metadata

attack targetClient_Endpoint

created at2023_02_08

deploymentPerimeter

malware familyCrimsonRAT

performance impactSignificant

confidenceHigh

signature severityMajor

tagDescription_Generated_By_Proofpoint_Nexus

updated at2023_02_08

Comments (0)

Please sign in to leave a comment.

No comments yet. Be the first to comment!