# sid 2025408, rev 2: alerts on a cleartext check-in sent by a $HOME_NET host to an
# $EXTERNAL_NET server. Ports are "any" on both sides, so the rule is not tied to a
# service port; only the client-to-server side of an established TCP flow is inspected.
#
# The hex content matches decode to an ordered key=value beacon in the raw TCP payload
# (no HTTP buffers are used):
#   |00 00 00 69 64 3d|                  three NUL bytes + "id=", inside the first 10 bytes (depth:10)
#   |26 6f 73 3d|                        "&os="          within 30 bytes after the previous match
#   |26 70 72 69 76 3d|                  "&priv="        within 20 bytes after the previous match
#   |26 63 72 65 64 3d|                  "&cred="        within 20 bytes after the previous match
#   |26 70 63 6e 61 6d 65 3d|            "&pcname="      anywhere after the previous match
#   |26 61 76 6e 61 6d 65 3d|            "&avname="      anywhere after the previous match
#   |26 62 75 69 6c 64 5f 74 69 6d 65 3d| "&build_time=" anywhere after; chosen as fast_pattern
#   |26 63 61 72 64 3d|                  "&card="        anywhere after the previous match
# Every match after the first carries distance:0, so the fields must appear in exactly
# this order; a reordered or renamed field means no alert.
#
# Coverage caveat: all eight strings must be visible in cleartext in the inspected
# stream, so the rule cannot fire on an encrypted channel. Treat an absence of alerts as
# "this exact beacon format was not seen", not as proof the family is absent.
# Triage: the field names suggest the payload carries host inventory (presumably
# privilege level, PC name, AV product) - capture the full payload when scoping a hit.
# reference:md5 gives a sample hash for correlation with endpoint or sandbox data.
#
# NOTE(review): the "?" after "CnC" and "FlawedAmmyy" follows only CamelCase tokens and
# looks like a wiki-rendering artifact rather than rule text - confirm against the
# published ruleset before loading this line into a sensor.
alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Win32/FlawedAmmyy RAT CnC? Checkin"; flow:established,to_server; content:"|00 00 00 69 64 3d|"; depth:10; content:"|26 6f 73 3d|"; distance:0; within:30; content:"|26 70 72 69 76 3d|"; distance:0; within:20; content:"|26 63 72 65 64 3d|"; distance:0; within:20; content:"|26 70 63 6e 61 6d 65 3d|"; distance:0; content:"|26 61 76 6e 61 6d 65 3d|"; distance:0; content:"|26 62 75 69 6c 64 5f 74 69 6d 65 3d|"; distance:0; fast_pattern; content:"|26 63 61 72 64 3d|"; distance:0; metadata: former_category TROJAN; reference:md5,32485b8cedc5b79aa1bf2d7ceae0ef31; classtype:trojan-activity; sid:2025408; rev:2; metadata:affected_product Windows_XP_Vista_7_8_10_Server_32_64_Bit, attack_target Client_Endpoint, deployment Perimeter, signature_severity Major, created_at 2018_03_01, malware_family FlawedAmmyy?, performance_impact Moderate, updated_at 2018_03_07;)

Added 2018-09-13 19:54:35 UTC


Added 2018-09-13 18:02:05 UTC


# History entry for sid 2025408 at rev 2 (updated_at 2018_03_07). The rule text is
# identical to the rev 2 line shown at the top of this page.
# Detection logic: client-to-server traffic on an established TCP flow, any port, whose
# raw payload contains, in this order, three NUL bytes + "id=" within the first 10 bytes,
# then "&os=" (within 30), "&priv=" (within 20), "&cred=" (within 20), "&pcname=",
# "&avname=", "&build_time=" (fast_pattern) and "&card=". distance:0 on each later match
# makes the order mandatory.
# The rule needs the beacon in cleartext; it gives no coverage if the channel is encrypted.
# NOTE(review): the "?" after "CnC" and "FlawedAmmyy" looks like a wiki-rendering
# artifact (it appears only after CamelCase tokens) - confirm against the published rule.
alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Win32/FlawedAmmyy RAT CnC? Checkin"; flow:established,to_server; content:"|00 00 00 69 64 3d|"; depth:10; content:"|26 6f 73 3d|"; distance:0; within:30; content:"|26 70 72 69 76 3d|"; distance:0; within:20; content:"|26 63 72 65 64 3d|"; distance:0; within:20; content:"|26 70 63 6e 61 6d 65 3d|"; distance:0; content:"|26 61 76 6e 61 6d 65 3d|"; distance:0; content:"|26 62 75 69 6c 64 5f 74 69 6d 65 3d|"; distance:0; fast_pattern; content:"|26 63 61 72 64 3d|"; distance:0; metadata: former_category TROJAN; reference:md5,32485b8cedc5b79aa1bf2d7ceae0ef31; classtype:trojan-activity; sid:2025408; rev:2; metadata:affected_product Windows_XP_Vista_7_8_10_Server_32_64_Bit, attack_target Client_Endpoint, deployment Perimeter, signature_severity Major, created_at 2018_03_01, malware_family FlawedAmmyy?, performance_impact Moderate, updated_at 2018_03_07;)

Added 2018-03-07 17:59:16 UTC


# sid 2025408 at rev 1 (updated_at 2018_03_06): the original form of the signature.
# Compared with the rev 2 lines on this page, only the labels differ - msg names
# "Win32/Flawed Grace Backdoor" and malware_family is Flawed_Grace. The flow and content
# options, the md5 reference, classtype and sid are the same. An alert from either
# revision therefore describes the same traffic; when correlating historical alerts, key
# on sid 2025408 rather than on the msg text or malware_family tag.
# Detection logic: to_server traffic on an established TCP flow, any port, with an
# ordered cleartext payload of three NUL bytes + "id=" in the first 10 bytes, then "&os=",
# "&priv=", "&cred=", "&pcname=", "&avname=", "&build_time=" (fast_pattern), "&card=".
# NOTE(review): the "?" after "CnC" looks like a wiki-rendering artifact - confirm
# against the published rule.
alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Win32/Flawed Grace Backdoor CnC? Checkin"; flow:established,to_server; content:"|00 00 00 69 64 3d|"; depth:10; content:"|26 6f 73 3d|"; distance:0; within:30; content:"|26 70 72 69 76 3d|"; distance:0; within:20; content:"|26 63 72 65 64 3d|"; distance:0; within:20; content:"|26 70 63 6e 61 6d 65 3d|"; distance:0; content:"|26 61 76 6e 61 6d 65 3d|"; distance:0; content:"|26 62 75 69 6c 64 5f 74 69 6d 65 3d|"; distance:0; fast_pattern; content:"|26 63 61 72 64 3d|"; distance:0; metadata: former_category TROJAN; reference:md5,32485b8cedc5b79aa1bf2d7ceae0ef31; classtype:trojan-activity; sid:2025408; rev:1; metadata:affected_product Windows_XP_Vista_7_8_10_Server_32_64_Bit, attack_target Client_Endpoint, deployment Perimeter, signature_severity Major, created_at 2018_03_01, malware_family Flawed_Grace, performance_impact Moderate, updated_at 2018_03_06;)

Added 2018-03-06 17:52:12 UTC

