ET MALWARE RMM Payload Delivery Behvaior Observed in HTTP Cookies

SID: 2068409Rev: 11 views
Sourceet/open
CreatedMarch 24, 2026
UpdatedMarch 24, 2026
Classificationtrojan-activity
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MALWARE RMM Payload Delivery Behvaior Observed in HTTP Cookies"; flow:established,to_server; http.method; content:"GET"; http.cookie; content:"_pre_check="; startswith; pcre:"/^[a-z0-9]{8}/R"; content:"|2c 20|captcha_token"; within:16; fast_pattern; classtype:trojan-activity; sid:2068409; rev:1; metadata:affected_product Windows_XP_Vista_7_8_10_Server_32_64_Bit, attack_target Client_Endpoint, tls_state TLSDecrypt, created_at 2026_03_24, deployment Perimeter, deployment SSLDecrypt, confidence Medium, signature_severity Major, tag RMM, updated_at 2026_03_24; target:src_ip;)

Metadata

affected productWindows_XP_Vista_7_8_10_Server_32_64_Bit
attack targetClient_Endpoint
tls stateTLSDecrypt
created at2026_03_24
deploymentSSLDecrypt
confidenceMedium
signature severityMajor
tagRMM
updated at2026_03_24

Comments (0)

Please sign in to leave a comment.
Sign in

No comments yet. Be the first to comment!