ET MALWARE GhostPenguin C2 Beacon Observed
Sourceet/open
CreatedJanuary 12, 2026
UpdatedJanuary 12, 2026
Classificationtrojan-activity
alert udp $HOME_NET any -> any 53 (msg:"ET MALWARE GhostPenguin C2 Beacon Observed"; dsize:34; content:"|22 00|FFFFFFFFFFFFFFFF|04|"; startswith; reference:url,www.trendmicro.com/en_us/research/25/l/ghostpenguin.html; reference:md5,7d3bd0d04d3625322459dd9f11cc2ea3; classtype:trojan-activity; sid:2066686; rev:1; metadata:affected_product Linux, attack_target Client_and_Server, created_at 2026_01_12, deployment Perimeter, deployment Internal, malware_family GhostPenguin, performance_impact Low, confidence High, signature_severity Major, updated_at 2026_01_12, mitre_tactic_id TA0037, mitre_tactic_name Command_And_Control, mitre_technique_id T1041, mitre_technique_name Exfiltration_Over_C2_Channel;)
References
| url | www.trendmicro.com/en_us/research/25/l/ghostpenguin.html |
| md5 | 7d3bd0d04d3625322459dd9f11cc2ea3 |
Metadata
affected productLinux
attack targetClient_and_Server
created at2026_01_12
deploymentInternal
malware familyGhostPenguin
performance impactLow
confidenceHigh
signature severityMajor
updated at2026_01_12
mitre tactic idTA0037
mitre tactic nameCommand_And_Control
mitre technique idT1041
mitre technique nameExfiltration_Over_C2_Channel
Comments (0)
Please sign in to leave a comment.
Sign inNo comments yet. Be the first to comment!