ET MALWARE MacOS/Adload Proxy Node Response

SID: 2047630Rev: 37 views
History
Sourceet/open
CreatedAugust 11, 2023
UpdatedMarch 21, 2025
Classificationbad-unknown
alert tcp $EXTERNAL_NET [7000:7002] -> $HOME_NET any (msg:"ET MALWARE MacOS/Adload Proxy Node Response"; flow:established,to_client; content:"|7B 22|result|22 3A|"; offset:0; depth:10; content:"|22|error|22 3A 22|"; distance:0; content:"|22 2C 22|action|22 3A 22|result|22|"; distance:0; fast_pattern; content:"|22|uuid4|22|"; distance:0; content:"|22|version|22|"; distance:0; threshold:type limit, track by_dst, count 1, seconds 60; reference:url,cybersecurity.att.com/blogs/labs-research/mac-systems-turned-into-proxy-exit-nodes-by-adload; classtype:bad-unknown; sid:2047630; rev:3; metadata:affected_product Mac_OSX, attack_target Client_Endpoint, created_at 2023_08_11, deployment Perimeter, malware_family Adload, confidence High, signature_severity Major, updated_at 2025_03_21;)

References

urlcybersecurity.att.com/blogs/labs-research/mac-systems-turned-into-proxy-exit-nodes-by-adload

Metadata

affected productMac_OSX
attack targetClient_Endpoint
created at2023_08_11
deploymentPerimeter
malware familyAdload
confidenceHigh
signature severityMajor
updated at2025_03_21

Comments (0)

Please sign in to leave a comment.
Sign in

No comments yet. Be the first to comment!