ET MALWARE Observed Win32/Koi Loader/Stealer Domain (podologie-werne .de) in TLS SNI

SID: 2049821Rev: 246 views
History
Sourceet/open
CreatedDecember 21, 2023
UpdatedOctober 3, 2024
Classificationtrojan-activity
alert tls $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MALWARE Observed Win32/Koi Loader/Stealer Domain (podologie-werne .de) in TLS SNI"; flow:established,to_server; tls.sni; bsize:18; content:"podologie-werne.de"; fast_pattern; reference:md5,09350493580399e2983148e80fd4490b; classtype:trojan-activity; sid:2049821; rev:2; metadata:affected_product Any, attack_target Client_Endpoint, created_at 2023_12_21, deployment Perimeter, malware_family Win32_Koi, performance_impact Low, confidence High, signature_severity Major, updated_at 2024_10_03, reviewed_at 2024_10_03;)

References

md5
09350493580399e2983148e80fd4490b
Google SearchBrave Search

Metadata

affected productAny
attack targetClient_Endpoint
created at2023_12_21
deploymentPerimeter
malware familyWin32_Koi
performance impactLow
confidenceHigh
signature severityMajor
updated at2024_10_03
reviewed at2024_10_03

Comments (0)

Please sign in to leave a comment.
Sign in

No comments yet. Be the first to comment!