ET MALWARE Win32/keyzetsu Stealer Variant Exfil via Telegram (Response)

SID: 2044693Rev: 17 views
History
Sourceet/open
CreatedMarch 20, 2023
UpdatedMarch 20, 2023
Classificationtrojan-activity
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET MALWARE Win32/keyzetsu Stealer Variant Exfil via Telegram (Response)"; flow:established,to_client; file.data; content:"|7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a|"; startswith; content:"|2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 64 61 6d 61 68|"; fast_pattern; distance:0; content:"|5f 62 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a|"; distance:4; within:20; reference:md5,7e280378e14fc3c1b3989634498d5299; reference:url,twitter.com/suyog41/status/1636014180787445760; classtype:trojan-activity; sid:2044693; rev:1; metadata:attack_target Client_Endpoint, created_at 2023_03_20, deployment Perimeter, deployment SSLDecrypt, malware_family Win32_keyzetsu, performance_impact Low, confidence High, signature_severity Major, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2023_03_20; target:dest_ip;)

References

md5
7e280378e14fc3c1b3989634498d5299
Google SearchBrave Search
urltwitter.com/suyog41/status/1636014180787445760

Metadata

attack targetClient_Endpoint
created at2023_03_20
deploymentSSLDecrypt
malware familyWin32_keyzetsu
performance impactLow
confidenceHigh
signature severityMajor
tagDescription_Generated_By_Proofpoint_Nexus
updated at2023_03_20

Comments (0)

Please sign in to leave a comment.
Sign in

No comments yet. Be the first to comment!