🐾 - 🚨 Possible Darkvision RAT 🐀 C2 Server answer flow

SID: 3300720Rev: 1551 views
Sourcepawpatrules
CreatedMay 30, 2023
UpdatedMay 31, 2023
Classificationtrojan-activity
alert tls $EXTERNAL_NET any -> $HOME_NET any (msg:"🐾 - 🚨 Possible Darkvision RAT 🐀 C2 Server answer flow"; flow:to_client, stateless; threshold:type threshold, track by_dst, count 10, seconds 60; ja3s.hash; content:"098e26e2609212ac1bfac552fbe04127"; reference:url,https://bazaar.abuse.ch/sample/56cb118f4caa1f3d0461faba24d9cb575843177b2a756622533ba00dbac10a2a/; reference:url,https://app.any.run/tasks/98e269e7-68e9-40b1-89e7-90745a119a0a/; reference:url,https://www.virustotal.com/gui/domain/pylox.petchx.com/relations; reference:url,https://www.pcrisk.com/removal-guides/26678-darkvision-rat; reference:url,https://www.youtube.com/watch?v=Bs-1Piy3GRk; metadata:created_at 2023_05_30, updated_at 2023_05_31; sid:3300720; rev:15; classtype:trojan-activity;)

References

urlhttps://bazaar.abuse.ch/sample/56cb118f4caa1f3d0461faba24d9cb575843177b2a756622533ba00dbac10a2a/
urlhttps://app.any.run/tasks/98e269e7-68e9-40b1-89e7-90745a119a0a/
urlhttps://www.virustotal.com/gui/domain/pylox.petchx.com/relations
urlhttps://www.pcrisk.com/removal-guides/26678-darkvision-rat
urlhttps://www.youtube.com/watch?v=Bs-1Piy3GRk

Metadata

created at2023_05_30
updated at2023_05_31

Comments (0)

Please sign in to leave a comment.
Sign in

No comments yet. Be the first to comment!