ET MALWARE Observed Emotet Maldoc Retrieving Payload (2023-03-07) M2

SID: 2044518Rev: 26 views
History
Sourceet/open
CreatedMarch 8, 2023
UpdatedMarch 9, 2023
Classificationtrojan-activity
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MALWARE Observed Emotet Maldoc Retrieving Payload (2023-03-07) M2"; flow:established,to_server; http.method; content:"GET"; http.uri; bsize:<60; content:"/"; startswith; content:"/?1"; fast_pattern; within:50; pcre:"/\/\?1[0-9]{5}(?:&c=\d{1,2})?$/"; http.header_names; content:!"|0d 0a|Referer|0d 0a|"; http.accept; bsize:3; content:"|2a 2f 2a|"; classtype:trojan-activity; sid:2044518; rev:2; metadata:attack_target Client_Endpoint, created_at 2023_03_08, deployment Perimeter, confidence High, signature_severity Major, updated_at 2023_03_09; target:src_ip;)

Metadata

attack targetClient_Endpoint
created at2023_03_08
deploymentPerimeter
confidenceHigh
signature severityMajor
updated at2023_03_09

Comments (0)

Please sign in to leave a comment.
Sign in

No comments yet. Be the first to comment!