ET MALWARE PikaBot Java Loader CnC Checkin

SID: 2050810
Rev: 1
Source: et/open
Created: February 13, 2024
Updated: February 13, 2024
Classification: trojan-activity
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MALWARE PikaBot Java Loader CnC Checkin"; flow:established,to_server; http.method; content:"GET"; http.uri; content:"/PE1BD/"; fast_pattern; startswith; pcre:"/^\d{6}$/R"; http.user_agent; content:"Java"; startswith; http.accept; content:"text|2f|html|2c 20|image|2f|gif|2c 20|image|2f|jpeg|2c 20 2a 3b 20|q|3d 2e|2|2c 20 2a 2f 2a 3b 20|q|3d 2e|2"; http.connection; content:"keep-alive"; reference:md5,b5daa41dcb91138f2066513aa12fb9f3; classtype:trojan-activity; sid:2050810; rev:1; metadata:attack_target Client_and_Server, created_at 2024_02_13, deployment Perimeter, malware_family PikaBot, performance_impact Low, confidence High, signature_severity Major, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2024_02_13; target:src_ip;)

References

md5: b5daa41dcb91138f2066513aa12fb9f3

Metadata

attack target: Client_and_Server
created at: 2024_02_13
deployment: Perimeter
malware family: PikaBot
performance impact: Low
confidence: High
signature severity: Major
tag: Description_Generated_By_Proofpoint_Nexus
updated at: 2024_02_13
