ET MALWARE CrimsonRAT Host Details Exfil

SID: 2052908Rev: 11 viewsHistory

Sourceet/open

CreatedMay 28, 2024

UpdatedMay 28, 2024

Classificationtrojan-activity

alert tcp $HOME_NET any -> $EXTERNAL_NET 1024: (msg:"ET MALWARE CrimsonRAT Host Details Exfil"; flow:established,to_server; content:"|12 00 00 00 00|"; startswith; content:"|7c 7c 20 7c 7c|C|3a 5c|Users"; fast_pattern; reference:md5,da2331ac3e073164d54bcc5323cf0250; reference:url,twitter.com/0xrb/status/1795362130281324685; classtype:trojan-activity; sid:2052908; rev:1; metadata:affected_product Windows_XP_Vista_7_8_10_Server_32_64_Bit, attack_target Client_Endpoint, tls_state plaintext, created_at 2024_05_28, deployment Perimeter, malware_family CrimsonRAT, confidence High, signature_severity Critical, updated_at 2024_05_28;)

References

md5	da2331ac3e073164d54bcc5323cf0250 Google Search Brave Search
url	twitter.com/0xrb/status/1795362130281324685

Metadata

affected productWindows_XP_Vista_7_8_10_Server_32_64_Bit

attack targetClient_Endpoint

tls stateplaintext

created at2024_05_28

deploymentPerimeter

malware familyCrimsonRAT

confidenceHigh

signature severityCritical

updated at2024_05_28

Comments (0)

Please sign in to leave a comment.

No comments yet. Be the first to comment!