ET RETIRED BunnyLoader Initial CnC Checkin Response

SID: 2048398Rev: 20 viewsHistory

Sourceet/open

CreatedOctober 4, 2023

UpdatedJuly 14, 2025

Classificationtrojan-activity

alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET RETIRED BunnyLoader Initial CnC Checkin Response"; flow:established,to_client; flowbits:isset,ET.BunnyLoader.Checkin; http.stat_code; content:"200"; http.content_len; byte_test:0,=,11,0,string,dec; http.response_body; content:"Connected|0d 0a|"; fast_pattern; reference:url,www.zscaler.com/blogs/security-research/bunnyloader-newest-malware-service; reference:md5,dbf727e1effc3631ae634d95a0d88bf3; classtype:trojan-activity; sid:2048398; rev:2; metadata:affected_product Windows_XP_Vista_7_8_10_Server_32_64_Bit, affected_product Windows_11, attack_target Client_and_Server, created_at 2023_10_04, deployment Perimeter, former_category MALWARE, malware_family BunnyLoader, performance_impact Low, confidence High, signature_severity Major, updated_at 2025_07_14, reviewed_at 2023_10_04; target:dest_ip;)

References

url	www.zscaler.com/blogs/security-research/bunnyloader-newest-malware-service
md5	dbf727e1effc3631ae634d95a0d88bf3 Google Search Brave Search

Metadata

affected productWindows_11

attack targetClient_and_Server

created at2023_10_04

deploymentPerimeter

former categoryMALWARE

malware familyBunnyLoader

performance impactLow

confidenceHigh

signature severityMajor

updated at2025_07_14

reviewed at2023_10_04

Comments (0)

Please sign in to leave a comment.

No comments yet. Be the first to comment!