🐾 - 🚨 RedLine Stealer 💀 C2 requesting informations to Windows 🪟 computer - Leak 🚱
Source: pawpatrules
Created: August 15, 2023
Updated: August 16, 2023
Classification: trojan-activity
alert tcp-pkt $EXTERNAL_NET any -> any any (msg:"🐾 - 🚨 RedLine Stealer 💀 C2 requesting informations to Windows 🪟 computer - Leak 🚱"; flow:to_client, stateless; content:"|3a 25 75 73 65 72 70 72 6f 66 69 6c 65 25 5c 44 65 73 6b 74 6f 70 7c 2a 2e 74 78 74 2c 2a 2e 64 6f 63 2a 2c 2a 6b 65 79 2a 2c 2a 77 61 6c 6c 65 74 2a 2c 2a 73 65 65 64 2a 7c 30 46|"; fast_pattern; reference:url,https://malpedia.caad.fkie.fraunhofer.de/details/win.redline_stealer; reference:url,https://www.bitdefender.com/files/News/CaseStudies/study/415/Bitdefender-PR-Whitepaper-RedLine-creat6109-en-EN.pdf; target:dest_ip; metadata:affected_product Windows_XP_Vista_7_8_10_11_Server_32_64_Bit, attack_target Client_Endpoint, created_at 2023_08_15, updated_at 2023_08_16; sid:3300727; rev:5; classtype:trojan-activity;)
References
Metadata
affected product: Windows_XP_Vista_7_8_10_11_Server_32_64_Bit
attack target: Client_Endpoint
created at: 2023_08_15
updated at: 2023_08_16