# ET sid 2020714, rev 8, as published 2021-06-18 (same detection options as the earlier rev 8
# entries on this page; the metadata keyword is expanded). The alert line is commented out, so
# the rule is disabled as shipped and is not loaded unless it is explicitly enabled.
# Match logic (no "relative" modifiers, so offsets count from the start of the payload):
#   - established client-to-server TCP, $HOME_NET -> $EXTERNAL_NET, destination port not 25/465/587
#   - dsize:48                        -> payload is exactly 48 bytes
#   - content:!"|00 00 00|" (1..3)    -> bytes 1-3 are not all zero
#   - byte_extract / byte_test xor_key -> the 3 bytes at offset 1 must recur at offsets 9 and 13
#   - same_test                       -> the byte at offset 1 must differ from the bytes at offsets 8 and 33
#   - negated pcre                    -> payload is not made up solely of printable ASCII, CR and LF
# NOTE(review): the variable name suggests the repeated bytes are an XOR key showing through
# constant plaintext, presumably taken from the referenced md5 sample; confirm before relying on it.
# Caveat: the only content keyword is negated, so this is a structural heuristic with no positive
# pattern for the fast-pattern prefilter. The "?" in msg suggests low confidence. Baseline false
# positives and inspection cost on real traffic before enabling.
# NOTE(review): ATT&CK lists T1041 under Exfiltration (TA0010), while mitre_tactic_id here is
# TA0011; treat the technique tag as approximate when pivoting on it. created_at/updated_at both
# read 2015_03_19 although this page records later revisions, so do not use them to age the rule.
#alert tcp $HOME_NET any -> $EXTERNAL_NET ![25,465,587] (msg:"ET TROJAN HOMEUNIX/9002 CnC? Beacon"; flow:established,to_server; dsize:48; content:!"|00 00 00|"; offset:1; depth:3; byte_extract:3,1,xor_key; byte_test:3,=,xor_key,9; byte_test:3,=,xor_key,13; byte_extract:1,1,same_test; byte_test:1,!=,same_test,8; byte_test:1,!=,same_test,33; pcre:!"/^[\x20-\x7e\r\n]+$/"; reference:md5,256438747bae78c9101c9a0d4efe5572; classtype:trojan-activity; sid:2020714; rev:8; metadata:attack_target Client_Endpoint, created_at 2015_03_19, deployment Perimeter, former_category MALWARE, signature_severity Major, tag c2, updated_at 2015_03_19, mitre_tactic_id TA0011, mitre_tactic_name Command_And_Control, mitre_technique_id T1041, mitre_technique_name Exfiltration_Over_C2_Channel;)

Added 2021-06-18 18:19:22 UTC


# ET sid 2020714, rev 8, as published 2020-08-05. Disabled as shipped (alert line commented out).
# Detection: 48-byte client-to-server payload to a non-SMTP port (not 25/465/587) in which bytes
# 1-3 are non-zero and recur at offsets 9 and 13, byte 1 differs from the bytes at offsets 8 and
# 33, and the payload is not purely printable ASCII/CR/LF.
# In this entry the metadata keyword carries only created_at, former_category and updated_at;
# there are no severity, deployment or ATT&CK tags to filter on.
# Caveat: no positive content match, so treat it as a heuristic and baseline it before enabling.
#alert tcp $HOME_NET any -> $EXTERNAL_NET ![25,465,587] (msg:"ET TROJAN HOMEUNIX/9002 CnC? Beacon"; flow:established,to_server; dsize:48; content:!"|00 00 00|"; offset:1; depth:3; byte_extract:3,1,xor_key; byte_test:3,=,xor_key,9; byte_test:3,=,xor_key,13; byte_extract:1,1,same_test; byte_test:1,!=,same_test,8; byte_test:1,!=,same_test,33; pcre:!"/^[\x20-\x7e\r\n]+$/"; reference:md5,256438747bae78c9101c9a0d4efe5572; classtype:trojan-activity; sid:2020714; rev:8; metadata:created_at 2015_03_19, former_category MALWARE, updated_at 2015_03_19;)

Added 2020-08-05 19:11:00 UTC


# ET sid 2020714, rev 8, as published 2019-09-19. Disabled as shipped (alert line commented out).
# Detection: 48-byte client-to-server payload to a non-SMTP port (not 25/465/587) in which bytes
# 1-3 are non-zero and recur at offsets 9 and 13, byte 1 differs from the bytes at offsets 8 and
# 33, and the payload is not purely printable ASCII/CR/LF.
# This entry has two separate metadata keywords: "former_category MALWARE" before the reference,
# and created_at/updated_at at the end. Tooling that reads only one metadata keyword per rule
# may miss one of them.
# Caveat: no positive content match, so treat it as a heuristic and baseline it before enabling.
#alert tcp $HOME_NET any -> $EXTERNAL_NET ![25,465,587] (msg:"ET TROJAN HOMEUNIX/9002 CnC? Beacon"; flow:established,to_server; dsize:48; content:!"|00 00 00|"; offset:1; depth:3; byte_extract:3,1,xor_key; byte_test:3,=,xor_key,9; byte_test:3,=,xor_key,13; byte_extract:1,1,same_test; byte_test:1,!=,same_test,8; byte_test:1,!=,same_test,33; pcre:!"/^[\x20-\x7e\r\n]+$/"; metadata: former_category MALWARE; reference:md5,256438747bae78c9101c9a0d4efe5572; classtype:trojan-activity; sid:2020714; rev:8; metadata:created_at 2015_03_19, updated_at 2015_03_19;)

Added 2019-09-19 19:26:15 UTC


# ET sid 2020714, rev 8, as published 2018-09-13. Disabled as shipped (alert line commented out).
# Detection: 48-byte client-to-server payload to a non-SMTP port (not 25/465/587) in which bytes
# 1-3 are non-zero and recur at offsets 9 and 13, byte 1 differs from the bytes at offsets 8 and
# 33, and the payload is not purely printable ASCII/CR/LF.
# Metadata here is limited to created_at/updated_at, both 2015_03_19. This page dates the rev 8
# text to 2016-04-05, so updated_at is not a reliable "last changed" date for this rule.
# Caveat: no positive content match, so treat it as a heuristic and baseline it before enabling.
#alert tcp $HOME_NET any -> $EXTERNAL_NET ![25,465,587] (msg:"ET TROJAN HOMEUNIX/9002 CnC? Beacon"; flow:established,to_server; dsize:48; content:!"|00 00 00|"; offset:1; depth:3; byte_extract:3,1,xor_key; byte_test:3,=,xor_key,9; byte_test:3,=,xor_key,13; byte_extract:1,1,same_test; byte_test:1,!=,same_test,8; byte_test:1,!=,same_test,33; pcre:!"/^[\x20-\x7e\r\n]+$/"; reference:md5,256438747bae78c9101c9a0d4efe5572; classtype:trojan-activity; sid:2020714; rev:8; metadata:created_at 2015_03_19, updated_at 2015_03_19;)

Added 2018-09-13 19:50:48 UTC


Added 2018-09-13 17:59:51 UTC


# ET sid 2020714, rev 8, as published 2017-08-07. This is the first entry on this page to carry
# a metadata keyword (created_at/updated_at). Disabled as shipped (alert line commented out).
# Detection: 48-byte client-to-server payload to a non-SMTP port (not 25/465/587) in which bytes
# 1-3 are non-zero and recur at offsets 9 and 13, byte 1 differs from the bytes at offsets 8 and
# 33, and the payload is not purely printable ASCII/CR/LF.
# Caveat: no positive content match, so treat it as a heuristic and baseline it before enabling.
#alert tcp $HOME_NET any -> $EXTERNAL_NET ![25,465,587] (msg:"ET TROJAN HOMEUNIX/9002 CnC? Beacon"; flow:established,to_server; dsize:48; content:!"|00 00 00|"; offset:1; depth:3; byte_extract:3,1,xor_key; byte_test:3,=,xor_key,9; byte_test:3,=,xor_key,13; byte_extract:1,1,same_test; byte_test:1,!=,same_test,8; byte_test:1,!=,same_test,33; pcre:!"/^[\x20-\x7e\r\n]+$/"; reference:md5,256438747bae78c9101c9a0d4efe5572; classtype:trojan-activity; sid:2020714; rev:8; metadata:created_at 2015_03_19, updated_at 2015_03_19;)

Added 2017-08-07 21:15:16 UTC


# ET sid 2020714, rev 8, as published 2016-04-05; no metadata keyword yet. Disabled as shipped.
# Compared with the rev 7 text on this page, the negated pcre now excludes any payload made up
# solely of printable ASCII (0x20-0x7e), CR and LF, rather than only base64-alphabet payloads.
# This drops more plain-text traffic from the match set.
# Remaining logic: 48-byte client-to-server payload to a non-SMTP port (not 25/465/587); bytes
# 1-3 non-zero and repeated at offsets 9 and 13; byte 1 differs from the bytes at offsets 8 and 33.
# Caveat: no positive content match, so treat it as a heuristic and baseline it before enabling.
#alert tcp $HOME_NET any -> $EXTERNAL_NET ![25,465,587] (msg:"ET TROJAN HOMEUNIX/9002 CnC? Beacon"; flow:established,to_server; dsize:48; content:!"|00 00 00|"; offset:1; depth:3; byte_extract:3,1,xor_key; byte_test:3,=,xor_key,9; byte_test:3,=,xor_key,13; byte_extract:1,1,same_test; byte_test:1,!=,same_test,8; byte_test:1,!=,same_test,33; pcre:!"/^[\x20-\x7e\r\n]+$/"; reference:md5,256438747bae78c9101c9a0d4efe5572; classtype:trojan-activity; sid:2020714; rev:8;)

Added 2016-04-05 17:59:29 UTC


# ET sid 2020714, rev 7, as published 2015-04-28. Disabled as shipped (alert line commented out).
# Compared with the rev 5 text on this page, this revision excludes destination ports 25/465/587
# and adds a second inequality test: the byte at offset 1 must also differ from the byte at offset 33.
# The negated pcre only excludes payloads made up entirely of base64-alphabet characters, CR and
# LF. Other printable 48-byte payloads that satisfy the byte tests can still match this revision.
# Remaining logic: 48-byte client-to-server payload; bytes 1-3 non-zero and repeated at offsets
# 9 and 13; byte 1 differs from the byte at offset 8.
#alert tcp $HOME_NET any -> $EXTERNAL_NET ![25,465,587] (msg:"ET TROJAN HOMEUNIX/9002 CnC? Beacon"; flow:established,to_server; dsize:48; content:!"|00 00 00|"; offset:1; depth:3; byte_extract:3,1,xor_key; byte_test:3,=,xor_key,9; byte_test:3,=,xor_key,13; byte_extract:1,1,same_test; byte_test:1,!=,same_test,8; byte_test:1,!=,same_test,33; pcre:!"/^[a-zA-Z0-9+/=\r\n]+$/"; reference:md5,256438747bae78c9101c9a0d4efe5572; classtype:trojan-activity; sid:2020714; rev:7;)

Added 2015-04-28 19:13:42 UTC


# ET sid 2020714, rev 5, as published 2015-03-27. Disabled as shipped (alert line commented out).
# Compared with the rev 3 text on this page, this revision adds the negated pcre, which excludes
# payloads made up entirely of base64-alphabet characters, CR and LF.
# The destination port is still "any", so SMTP ports are not excluded. There is also no test
# against offset 33, which makes this revision broader than rev 7/8.
# Remaining logic: 48-byte client-to-server payload; bytes 1-3 non-zero and repeated at offsets
# 9 and 13; byte 1 differs from the byte at offset 8.
#alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN HOMEUNIX/9002 CnC? Beacon"; flow:established,to_server; dsize:48; content:!"|00 00 00|"; offset:1; depth:3; byte_extract:3,1,xor_key; byte_test:3,=,xor_key,9; byte_test:3,=,xor_key,13; byte_extract:1,1,same_test; byte_test:1,!=,same_test,8; reference:md5,256438747bae78c9101c9a0d4efe5572; classtype:trojan-activity; sid:2020714; rev:5;)

Added 2015-03-27 19:40:04 UTC


# ET sid 2020714, rev 3, published 2015-03-19: the earliest revision listed on this page.
# Disabled as shipped (alert line commented out).
# Logic: established client-to-server TCP from $HOME_NET to $EXTERNAL_NET on any port; payload
# exactly 48 bytes; bytes 1-3 non-zero and repeated at offsets 9 and 13; the byte at offset 1
# differs from the byte at offset 8.
# This is the broadest form of the rule. It has no pcre exclusion for text or base64 payloads,
# no SMTP-port exclusion and no offset-33 test, all of which later revisions on this page add.
# Use the latest revision instead of this text.
#alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN HOMEUNIX/9002 CnC? Beacon"; flow:established,to_server; dsize:48; content:!"|00 00 00|"; offset:1; depth:3; byte_extract:3,1,xor_key; byte_test:3,=,xor_key,9; byte_test:3,=,xor_key,13; byte_extract:1,1,same_test; byte_test:1,!=,same_test,8; reference:md5,256438747bae78c9101c9a0d4efe5572; classtype:trojan-activity; sid:2020714; rev:3;)

Added 2015-03-19 19:00:23 UTC

