ET MALWARE Quad7 Botnet - Outbound xlogin Telnet Prompt from Compromised Endpoint

SID: 2055288
Rev: 1
Source: et/open
Created: August 16, 2024
Updated: August 16, 2024
Classification: command-and-control
alert tcp $HOME_NET 7777 -> any any (msg:"ET MALWARE Quad7 Botnet - Outbound xlogin Telnet Prompt from Compromised Endpoint"; flow:established,to_client; content:"xlogin|3a|"; fast_pattern; startswith; reference:url,gi7w0rm.medium.com/the-curious-case-of-the-7777-botnet-86e3464c3ffd; reference:url,blog.sekoia.io/solving-the-7777-botnet-enigma-a-cybersecurity-quest/; classtype:command-and-control; sid:2055288; rev:1; metadata:attack_target Client_and_Server, created_at 2024_08_16, deployment Perimeter, malware_family Quad7_Botnet, malware_family xlogin, confidence High, signature_severity Major, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2024_08_16; target:src_ip;)

Metadata

attack target: Client_and_Server
created at: 2024_08_16
deployment: Perimeter
malware family: xlogin
confidence: High
signature severity: Major
tag: Description_Generated_By_Proofpoint_Nexus
updated at: 2024_08_16
