MALWARE [PTsecurity] Backdoor.Win32/Remcos RAT connection
Source: ptresearch/attackdetection
Created: September 11, 2017
Updated: April 11, 2018
Classification: trojan-activity
alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"MALWARE [PTsecurity] Backdoor.Win32/Remcos RAT connection"; flow:established, to_server; dsize:44<>270; stream_size:server,<,200; stream_size:server,>,50; stream_size:client,<,1400; stream_size:client,>,200; flowbits:isset,FB180732_3; flowbits:unset,FB180732_3; threshold:type limit,track by_src,count 1, seconds 30; metadata:former_category TROJAN; reference:url,blog.fortinet.com/2017/02/14/remcos-a-new-rat-in-the-wild-2; classtype:trojan-activity; reference:url, github.com/ptresearch/AttackDetection; sid:11003615; rev:8; metadata:affected_product Windows_XP_Vista_7_8_10_Server_32_64_Bit, attack_target Client_Endpoint, deployment Perimeter, signature_severity Major, created_at 2017_09_11, malware_family Remcos, performance_impact Moderate, updated_at 2018_04_11;)
References
Metadata
former category: TROJAN