🐾 - 🚨 Pygmy Goat 🐐 C2 - Fake SSH handshake 🤝 - TA0011
Source: pawpatrules
Created: November 12, 2024
Updated: November 12, 2024
Classification: command-and-control
alert tcp any 22 -> any any (msg:"🐾 - 🚨 Pygmy Goat 🐐 C2 - Fake SSH handshake 🤝 - TA0011"; flow:to_client, stateless; flowbits:isset,pptrls.pygmygoatfakessh; content:"|53 53 48 2d 32 2e 30 2d 44 38 70 6a 45 0d 0a|"; fast_pattern; reference:url,https://attack.mitre.org/tactics/TA0011/; reference:url,https://www.ncsc.gov.uk/static-assets/documents/malware-analysis-reports/pygmy-goat/ncsc-mar-pygmy-goat.pdf; target:src_ip; metadata:attack_target Server, signature_severity Major, affected_product ELF_X86, mitre_tactic_id TA0011, mitre_tactic_name Command_and_Control, mitre_technique_id T1071.001, mitre_technique_name Application_Layer_Protocol_Web_Protocols, former_category MALWARE, malware_family Pygmy_Goat, created_at 2024_11_12, updated_at 2024_11_12; sid:3321403; rev:1; classtype:command-and-control;)