ET MALWARE Diamotrix Clipper POST Request M2

SID: 2062776Rev: 138 views
Sourceet/open
CreatedJune 5, 2025
UpdatedJune 5, 2025
Classificationtrojan-activity
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MALWARE Diamotrix Clipper POST Request M2"; flow:established,to_server; http.method; content:"POST"; http.uri; bsize:8; content:"/get.php"; http.user_agent; bsize:11; content:"Mozilla/5.0"; http.request_body; content:"name|3d 22|screen|22 3b 20|filename|3d 22 7b|"; fast_pattern; pcre:"/^[a-f0-9]{8}\-(?:[a-f0-9]{4}\-){3}[a-f0-9]{12}/R"; reference:md5,855e10df6346634ba680ecef86e68ae8; reference:url,app.any.run/tasks/8592c090-4f44-4771-b0ac-a44f5d6c17e0; classtype:trojan-activity; sid:2062776; rev:1; metadata:affected_product Windows_XP_Vista_7_8_10_Server_32_64_Bit, affected_product Windows_11, attack_target Client_and_Server, tls_state plaintext, created_at 2025_06_05, deployment Perimeter, malware_family DiamotrixClipper, performance_impact Low, confidence High, signature_severity Major, updated_at 2025_06_05, mitre_tactic_id TA0010, mitre_tactic_name Exfiltration, mitre_technique_id T1041, mitre_technique_name Exfiltration_Over_C2_Channel; target:src_ip;)

References

md5
855e10df6346634ba680ecef86e68ae8
Google SearchBrave Search
urlapp.any.run/tasks/8592c090-4f44-4771-b0ac-a44f5d6c17e0

Metadata

affected productWindows_11
attack targetClient_and_Server
tls stateplaintext
created at2025_06_05
deploymentPerimeter
malware familyDiamotrixClipper
performance impactLow
confidenceHigh
signature severityMajor
updated at2025_06_05
mitre tactic idTA0010
mitre tactic nameExfiltration
mitre technique idT1041
mitre technique nameExfiltration_Over_C2_Channel

Comments (0)

Please sign in to leave a comment.
Sign in

No comments yet. Be the first to comment!