ET MALWARE Qbot Related Activity (POST)

SID: 2049717Rev: 14 views
History
Sourceet/open
CreatedDecember 18, 2023
UpdatedDecember 18, 2023
Classificationtrojan-activity
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MALWARE Qbot Related Activity (POST)"; flow:established,to_server; http.method; content:"POST"; http.uri; content:!"|2e|"; http.accept; content:"application/x-shockwave-flash|2c|"; startswith; fast_pattern; http.content_type; content:"application/x-www-form-urlencoded"; bsize:33; http.header_names; content:!"Referer"; http.content_len; byte_test:0,<=,400,0,string,dec; http.request_body; content:"="; offset:4; depth:9; reference:md5,eab19c465ed16289519fddcc0befe7db; classtype:trojan-activity; sid:2049717; rev:1; metadata:attack_target Client_Endpoint, created_at 2023_12_18, deployment Perimeter, deployment SSLDecrypt, performance_impact Moderate, confidence Medium, signature_severity Major, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2023_12_18; target:src_ip;)

References

md5
eab19c465ed16289519fddcc0befe7db
Google SearchBrave Search

Metadata

attack targetClient_Endpoint
created at2023_12_18
deploymentSSLDecrypt
performance impactModerate
confidenceMedium
signature severityMajor
tagDescription_Generated_By_Proofpoint_Nexus
updated at2023_12_18

Comments (0)

Please sign in to leave a comment.
Sign in

No comments yet. Be the first to comment!