ET MALWARE JaskaGO CnC Activity (GET)
Sourceet/open
CreatedJuly 25, 2024
UpdatedJuly 25, 2024
Classificationtrojan-activity
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MALWARE JaskaGO CnC Activity (GET)"; flow:established,to_server; http.method; content:"GET"; http.uri; content:"|2f|api|2f|v1|2f|bulla|2f 3f|id|3d|"; startswith; fast_pattern; content:"&data="; distance:0; http.user_agent; content:"Go-http-client"; startswith; reference:md5,5dcba1aedb36bd8ccc7c70466dbd4cff; reference:url,x.com/suyog41/status/1815659891790352779; classtype:trojan-activity; sid:2054667; rev:1; metadata:affected_product Windows_XP_Vista_7_8_10_Server_32_64_Bit, affected_product Mac_OSX, attack_target Client_Endpoint, tls_state plaintext, created_at 2024_07_25, deployment Perimeter, malware_family JaskaGO, confidence High, signature_severity Critical, updated_at 2024_07_25;)
References
| md5 | 5dcba1aedb36bd8ccc7c70466dbd4cff |
| url | x.com/suyog41/status/1815659891790352779 |
Metadata
affected productMac_OSX
attack targetClient_Endpoint
tls stateplaintext
created at2024_07_25
deploymentPerimeter
malware familyJaskaGO
confidenceHigh
signature severityCritical
updated at2024_07_25
Comments (0)
Please sign in to leave a comment.
Sign inNo comments yet. Be the first to comment!