ET MALWARE JanelaRAT Staging URL

SID: 2062713Rev: 16 views
Sourceet/open
CreatedJune 2, 2025
UpdatedJune 3, 2025
Classificationtrojan-activity
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MALWARE JanelaRAT Staging URL"; flow:established,to_server; http.method; content:"GET"; http.host; bsize:10; content:"gitlab.com"; http.uri; content:"rootkit_"; fast_pattern; pcre:"/^[0-9]{4}/R"; reference:url,zscaler.com/blogs/security-research/janelarat-repurposed-bx-rat-variant-targeting-latam-fintech; classtype:trojan-activity; sid:2062713; rev:1; metadata:affected_product Windows_XP_Vista_7_8_10_Server_32_64_Bit, attack_target Client_Endpoint, created_at 2025_06_02, deployment Perimeter, malware_family JanelaRAT, confidence High, signature_severity Major, tag RAT, updated_at 2025_06_03;)

References

urlzscaler.com/blogs/security-research/janelarat-repurposed-bx-rat-variant-targeting-latam-fintech

Metadata

affected productWindows_XP_Vista_7_8_10_Server_32_64_Bit
attack targetClient_Endpoint
created at2025_06_02
deploymentPerimeter
malware familyJanelaRAT
confidenceHigh
signature severityMajor
tagRAT
updated at2025_06_03

Comments (0)

Please sign in to leave a comment.
Sign in

No comments yet. Be the first to comment!