ET MALWARE TA426/Zebrocy Hatvibe CnC Server Response M1

SID: 2057742Rev: 12 views

Sourceet/open

CreatedJuly 31, 2024

UpdatedNovember 21, 2024

Classificationtrojan-activity

alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET MALWARE TA426/Zebrocy Hatvibe CnC Server Response M1"; flow:established,to_client; http.stat_code; content:"200"; file.data; content:"sd5ddf3e3fg4gfds"; fast_pattern; startswith; reference:md5,81cdcda59c86f8aa636810e4a085d673; reference:url,cert.gov.ua/article/6280129; reference:url,www.recordedfuture.com/research/russia-aligned-tag-110-targets-asia-and-europe; classtype:trojan-activity; sid:2057742; rev:1; metadata:affected_product Windows_XP_Vista_7_8_10_Server_32_64_Bit, affected_product Windows_11, attack_target Client_Endpoint, tls_state plaintext, created_at 2024_07_31, deployment Perimeter, malware_family Zebrocy, performance_impact Low, confidence High, signature_severity Major, updated_at 2024_11_21, former_sid 2857737; target:dest_ip;)

References

md5	81cdcda59c86f8aa636810e4a085d673 Google Search Brave Search
url	cert.gov.ua/article/6280129
url	www.recordedfuture.com/research/russia-aligned-tag-110-targets-asia-and-europe

Metadata

affected productWindows_11

attack targetClient_Endpoint

tls stateplaintext

created at2024_07_31

deploymentPerimeter

malware familyZebrocy

performance impactLow

confidenceHigh

signature severityMajor

updated at2024_11_21

former sid2857737

Comments (0)

Please sign in to leave a comment.

No comments yet. Be the first to comment!