ET MALWARE Win32/TA402 CnC User-Agent

SID: 2049153
Rev: 1
Source: et/open
Created: August 16, 2023
Updated: November 13, 2023
Classification: trojan-activity
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MALWARE Win32/TA402 CnC User-Agent"; flow:established,to_server; http.user_agent; content:"Mozilla|2f|5|2e|0|20 28|Windows|20|NT|20|10|2e|0|3b 20|Win64|3b 20|x64|3b 20|rv|3a|"; startswith; content:"|29 20|Gecko|2f|"; distance:12; within:13; content:"Firefox|2f|3|2e|15"; endswith; fast_pattern; pcre:"/^Mozilla\x2f5\x2e0\x20\x28Windows\x20NT\x2010\x2e0\x3b\x20Win64\x3b\x20x64\x3b\x20rv\x3a\d{2,3}\x2e\d{1,3}\x2e\d{4}\x2e\d{2,3}\x29\x20Gecko\x2f\d{2,3}\x2e\d{1,3}\x2e\d{4}\x2e\d{2,3}\x20Firefox\x2f3\x2e15$/"; classtype:trojan-activity; sid:2049153; rev:1; metadata:attack_target Client_and_Server, created_at 2023_08_16, deployment Perimeter, deployment SSLDecrypt, malware_family Win32_TA402, performance_impact Low, confidence High, signature_severity Critical, tag TA402, updated_at 2023_11_13, reviewed_at 2023_08_16, former_sid 2855109; target:src_ip;)
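
Added example, not code from the ET rule page or from the Emerging Threats project: a Python replay of the rule's matching logic, the three content: checks (startswith, distance/within, endswith) followed by the pcre, run over a constructed tab-separated HTTP log. The literal strings and the regular expression are taken from the rule above; the log format, the timestamps, IP addresses, hostnames and the sample User-Agent values are assumptions made up for this example.

```python
"""Replay of ET SID 2049153 (Win32/TA402 CnC User-Agent) match logic.

Added example; not part of the rule page. Decodes the rule's content: literals
and reuses its pcre so the conditions can be read and tested offline.
"""
import re
from typing import Iterable, List, Tuple

# Literal pieces from the rule's content: keywords with the |hex| escapes decoded.
UA_PREFIX = "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:"   # startswith
UA_GECKO = ") Gecko/"                                          # distance:12; within:13
UA_SUFFIX = "Firefox/3.15"                                     # endswith

# The rule's pcre, verbatim; Python's re reads the same \xNN escapes as PCRE.
TA402_UA_RE = re.compile(
    r"^Mozilla\x2f5\x2e0\x20\x28Windows\x20NT\x2010\x2e0\x3b\x20Win64\x3b\x20x64\x3b\x20rv\x3a"
    r"\d{2,3}\x2e\d{1,3}\x2e\d{4}\x2e\d{2,3}\x29\x20Gecko\x2f"
    r"\d{2,3}\x2e\d{1,3}\x2e\d{4}\x2e\d{2,3}\x20Firefox\x2f3\x2e15$"
)


def content_prefilter(ua: str) -> bool:
    """Cheap checks equivalent to the rule's three content: matches.

    startswith/endswith pin the prefix and suffix. The 8-byte ') Gecko/' token
    must lie inside the 13-byte window that opens 12 bytes after 'rv:'
    (distance:12; within:13), so the rv: version field is 12 to 17 bytes long.
    """
    if not (ua.startswith(UA_PREFIX) and ua.endswith(UA_SUFFIX)):
        return False
    rest = ua[len(UA_PREFIX):]
    pos = rest.find(UA_GECKO, 12)          # search begins 12 bytes after 'rv:'
    return pos != -1 and pos + len(UA_GECKO) <= 12 + 13


def is_ta402_user_agent(ua: str) -> bool:
    """Full rule logic: content prefilter first, then the anchored pcre."""
    return content_prefilter(ua) and TA402_UA_RE.match(ua) is not None


def scan_http_log(lines: Iterable[str]) -> List[Tuple[str, str]]:
    """Apply the check to tab-separated HTTP log lines (assumed layout:
    timestamp, src_ip, dst_ip, host, user_agent) and return (src_ip, dst_ip)
    per hit. As in the rule (target:src_ip), src_ip is the internal client to
    triage and dst_ip the suspected CnC server.
    """
    hits: List[Tuple[str, str]] = []
    for line in lines:
        fields = line.rstrip("\n").split("\t")
        if len(fields) != 5:
            continue                        # malformed line, skip it
        _ts, src_ip, dst_ip, _host, ua = fields
        if is_ta402_user_agent(ua):
            hits.append((src_ip, dst_ip))
    return hits


# Constructed sample log (hosts and addresses are made up): a TA402-style UA,
# a normal Firefox UA, a near miss with the Firefox/3.15 tail but a normal
# rv: field, and a second TA402-style UA with different version digits.
SAMPLE_LOG = [
    "2023-08-16T12:00:01Z\t10.0.0.5\t203.0.113.10\tc2-host.invalid\t"
    "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0.2345.67) Gecko/109.0.2345.67 Firefox/3.15",
    "2023-08-16T12:00:02Z\t10.0.0.7\t203.0.113.11\twww.example.com\t"
    "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/115.0",
    "2023-08-16T12:00:03Z\t10.0.0.8\t203.0.113.12\twww.example.com\t"
    "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/3.15",
    "2023-08-16T12:00:04Z\t10.0.0.9\t203.0.113.22\tc2-host.invalid\t"
    "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:88.12.1999.50) Gecko/88.12.1999.50 Firefox/3.15",
]

if __name__ == "__main__":
    for src, dst in scan_http_log(SAMPLE_LOG):
        print(f"TA402 UA hit: client {src} -> {dst}")
```

The two-stage shape mirrors how the engine evaluates the rule: the fast_pattern content and the anchored prefix/suffix discard almost all traffic before the comparatively expensive pcre runs, and the pcre then enforces the four-part numeric rv: and Gecko/ versions that real Firefox builds never send. The third sample line shows why both stages matter: it carries the Firefox/3.15 tail, but its rv: field is too short for the distance/within window, so it never reaches the regex.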

Metadata

attack target: Client_and_Server
created at: 2023_08_16
deployment: Perimeter, SSLDecrypt
malware family: Win32_TA402
performance impact: Low
confidence: High
signature severity: Critical
tag: TA402
updated at: 2023_11_13
reviewed at: 2023_08_16
former sid: 2855109
