ET MALWARE QuickBooks Pop-Up Scam - Checkin - Suricata Rule 2049226 (et/open)

ET MALWARE QuickBooks Pop-Up Scam - Checkin

SID: 2049226Rev: 121 viewsHistory

Sourceet/open

CreatedNovember 16, 2023

UpdatedNovember 16, 2023

Classificationcommand-and-control

alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MALWARE QuickBooks Pop-Up Scam - Checkin"; flow:established,to_server; flowbits:set,ET.QBScam.Checkin; http.method; content:"POST"; http.uri; bsize:13; content:"/api/add-user"; http.request_body; content:"|22|customer|5f|name|22|"; content:"|22|phone|22|"; content:"|22|serial|5f|key|22|"; content:"|22|software|5f|name|22|"; content:"|22|software|5f|version|22|"; reference:md5,2254df2f656b76071da28131b4eca9c4; reference:url,www.esentire.com/blog/threat-actors-using-fake-quickbooks-software-to-scam-organizations; classtype:command-and-control; sid:2049226; rev:1; metadata:attack_target Client_Endpoint, created_at 2023_11_16, deployment Perimeter, performance_impact Low, confidence High, signature_severity Critical, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2023_11_16; target:src_ip;)

References

md5	2254df2f656b76071da28131b4eca9c4 Google Search Brave Search
url	www.esentire.com/blog/threat-actors-using-fake-quickbooks-software-to-scam-organizations

Metadata

attack targetClient_Endpoint

created at2023_11_16

deploymentPerimeter

performance impactLow

confidenceHigh

signature severityCritical

tagDescription_Generated_By_Proofpoint_Nexus

updated at2023_11_16

Comments (0)

Please sign in to leave a comment.

No comments yet. Be the first to comment!