🐾 - 🚨 Suspicious TLS Certificate - Possible 👿 Pupy 🐕 Python RAT 🪟 flow with C2 Server - Suricata Rule 3301143 (pawpatrules)

🐾 - 🚨 Suspicious TLS Certificate - Possible 👿 Pupy 🐕 Python RAT 🪟 flow with C2 Server

SID: 3301143Rev: 218 views

Sourcepawpatrules

CreatedFebruary 21, 2024

UpdatedFebruary 21, 2024

Classificationcommand-and-control

alert tls $EXTERNAL_NET any -> $HOME_NET any (msg:"🐾 - 🚨 Suspicious TLS Certificate - Possible 👿 Pupy 🐕 Python RAT 🪟 flow with C2 Server"; flow:to_client, stateless; tls.cert_issuer; content:"O="; pcre:"/^O=[a-zA-Z]{10}$/"; tls.cert_subject; content:"O="; pcre:"/^O=[a-zA-Z]{10}$/"; content:"OU=CONTROL"; fast_pattern; reference:url,https://malpedia.caad.fkie.fraunhofer.de/details/win.pupy; reference:url,https://github.com/n1nj4sec/pupy; metadata:attack_target Client_and_Server, signature_severity Major, affected_product Windows_XP_Vista_7_8_10_11_Server_32_64_Bit, mitre_tactic_id TA0011, mitre_tactic_name Command_and_Control, mitre_technique_id T1071.001, mitre_technique_name Application_Layer_Protocol_Web_Protocols, former_category MALWARE, malware_family Pupy, created_at 2024_02_21, updated_at 2024_02_21; sid:3301143; rev:2; classtype:command-and-control;)

References

url	https://malpedia.caad.fkie.fraunhofer.de/details/win.pupy
url	https://github.com/n1nj4sec/pupy

Metadata

attack targetClient_and_Server

signature severityMajor

affected productWindows_XP_Vista_7_8_10_11_Server_32_64_Bit

mitre tactic idTA0011

mitre tactic nameCommand_and_Control

mitre technique idT1071.001

mitre technique nameApplication_Layer_Protocol_Web_Protocols

former categoryMALWARE

malware familyPupy

created at2024_02_21

updated at2024_02_21

Comments (0)

Please sign in to leave a comment.

No comments yet. Be the first to comment!