ET MALWARE Erf C2 Admin Panel Page Response (sha1:63060ac2fb64f9045b054bbdd8d73d4f6905b4f3)

SID: 2059670Rev: 148 views

Sourceet/open

CreatedJanuary 27, 2025

UpdatedJanuary 27, 2025

Classificationcommand-and-control

alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET MALWARE Erf C2 Admin Panel Page Response (sha1:63060ac2fb64f9045b054bbdd8d73d4f6905b4f3)"; flow:established,to_client; http.response_body; to_sha1; content:"|63060ac2fb64f9045b054bbdd8d73d4f6905b4f3|"; reference:url,censys.com/pivoting-for-nosviak/; classtype:command-and-control; sid:2059670; rev:1; metadata:attack_target Client_Endpoint, tls_state TLSDecrypt, created_at 2025_01_27, deployment Perimeter, deployment SSLDecrypt, confidence High, signature_severity Major, tag c2, updated_at 2025_01_27, mitre_tactic_id TA0011, mitre_tactic_name Command_And_Control, mitre_technique_id T1071, mitre_technique_name Application_Layer_Protocol; target:src_ip;)

References

url	censys.com/pivoting-for-nosviak/

Metadata

attack targetClient_Endpoint

tls stateTLSDecrypt

created at2025_01_27

deploymentSSLDecrypt

confidenceHigh

signature severityMajor

tagc2

updated at2025_01_27

mitre tactic idTA0011

mitre tactic nameCommand_And_Control

mitre technique idT1071

mitre technique nameApplication_Layer_Protocol

Comments (0)

Please sign in to leave a comment.

No comments yet. Be the first to comment!