ET MALWARE iMonitor EAM CnC Server Response (*TRANSFDATA*) - Suricata Rule 2065207 (et/open)

ET MALWARE iMonitor EAM CnC Server Response (TRANSFDATA)

SID: 2065207Rev: 10 views

Sourceet/open

CreatedOctober 15, 2025

UpdatedOctober 15, 2025

Classificationcommand-and-control

alert tcp-pkt $EXTERNAL_NET 1024: -> $HOME_NET any (msg:"ET MALWARE iMonitor EAM CnC Server Response (*TRANSFDATA*)"; flow:established,to_client; flowbits:isset,ET.iMonitor.Checkin; dsize:12; content:"|2a|TRANSFDATA|2a|"; threshold:type limit,count 1,seconds 300,track by_dst; reference:url,x.com/Jane_0sint/status/1977826605767721158; reference:md5,447338af0ea5509735050add5ba9192a; classtype:command-and-control; sid:2065207; rev:1; metadata:affected_product Windows_XP_Vista_7_8_10_Server_32_64_Bit, attack_target Client_Endpoint, tls_state plaintext, created_at 2025_10_15, deployment Perimeter, malware_family iMonitor, confidence High, signature_severity Critical, updated_at 2025_10_15, mitre_tactic_id TA0011, mitre_tactic_name Command_And_Control, mitre_technique_id T1219, mitre_technique_name Remote_Access_Software; target:dest_ip;)

References

url	x.com/Jane_0sint/status/1977826605767721158
md5	447338af0ea5509735050add5ba9192a Google Search Brave Search

Metadata

affected productWindows_XP_Vista_7_8_10_Server_32_64_Bit

attack targetClient_Endpoint

tls stateplaintext

created at2025_10_15

deploymentPerimeter

malware familyiMonitor

confidenceHigh

signature severityCritical

updated at2025_10_15

mitre tactic idTA0011

mitre tactic nameCommand_And_Control

mitre technique idT1219

mitre technique nameRemote_Access_Software

Comments (0)

Please sign in to leave a comment.

No comments yet. Be the first to comment!