ET MALWARE [ANY.RUN] RadX RAT Check-In (POST)

SID: 2050419Rev: 10 views
History
Sourceet/open
CreatedJanuary 24, 2024
UpdatedJanuary 24, 2024
Classificationtrojan-activity
alert http $HOME_NET any -> $EXTERNAL_NET 1024: (msg:"ET MALWARE [ANY.RUN] RadX RAT Check-In (POST)"; flow:established,to_server; http.method; content:"POST"; http.uri; content:"/add_user"; endswith; fast_pattern; http.content_type; content:"application/json|3b 20|charset=utf-8"; bsize:31; http.header_names; content:!"User-Agent"; content:!"Referer"; content:!"Accept"; http.request_body; content:"|22|video_card|22 3a 22|"; content:"|22|windows_version|22 3a 22|"; content:"|22|processor|22 3a 22|"; content:"|22|ram|22 3a|"; content:!"|22|"; within:1; reference:md5,f0bc8d8a0ecd2ff441c9a24f907bd9db; reference:url,app.any.run/tasks/4fdde064-e353-4325-81ef-d85b22ee0f90; classtype:trojan-activity; sid:2050419; rev:1; metadata:attack_target Client_Endpoint, created_at 2024_01_24, deployment Perimeter, confidence High, signature_severity Critical, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2024_01_24, reviewed_at 2024_03_25; target:src_ip;)

References

md5
f0bc8d8a0ecd2ff441c9a24f907bd9db
Google SearchBrave Search
urlapp.any.run/tasks/4fdde064-e353-4325-81ef-d85b22ee0f90

Metadata

attack targetClient_Endpoint
created at2024_01_24
deploymentPerimeter
confidenceHigh
signature severityCritical
tagDescription_Generated_By_Proofpoint_Nexus
updated at2024_01_24
reviewed at2024_03_25

Comments (0)

Please sign in to leave a comment.
Sign in

No comments yet. Be the first to comment!