ET MALWARE PolarEdge Webshell Activity

SID: 2060441Rev: 156 views
Sourceet/open
CreatedFebruary 28, 2025
UpdatedFebruary 28, 2025
Classificationtrojan-activity
alert http any any -> $HOME_NET any (msg:"ET MALWARE PolarEdge Webshell Activity"; flow:established,to_server; http.uri; content:"/cgi-bin/userLogin.cgi"; http.header; content:"PASSHASH|3a 20|"; fast_pattern; content:"XCMD|3a 20|"; reference:url,blog.sekoia.io/polaredge-unveiling-an-uncovered-iot-botnet/; classtype:trojan-activity; sid:2060441; rev:1; metadata:affected_product IoT, attack_target Networking_Equipment, tls_state plaintext, created_at 2025_02_28, deployment Perimeter, deployment Internal, malware_family PolarEdge, performance_impact Low, confidence High, signature_severity Major, updated_at 2025_02_28, mitre_tactic_id TA0008, mitre_tactic_name Lateral_Movement, mitre_technique_id T1210, mitre_technique_name Exploitation_Of_Remote_Services; target:dest_ip;)

References

urlblog.sekoia.io/polaredge-unveiling-an-uncovered-iot-botnet/

Metadata

affected productIoT
attack targetNetworking_Equipment
tls stateplaintext
created at2025_02_28
deploymentInternal
malware familyPolarEdge
performance impactLow
confidenceHigh
signature severityMajor
updated at2025_02_28
mitre tactic idTA0008
mitre tactic nameLateral_Movement
mitre technique idT1210
mitre technique nameExploitation_Of_Remote_Services

Comments (0)

Please sign in to leave a comment.
Sign in

No comments yet. Be the first to comment!