alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN ObliqueRAT? CnC? Checkin"; flow:established,to_server; content:"|3e 57 69 6e 64 6f 77 73 20|"; fast_pattern; content:"|3e|"; distance:0; content:"|3e|"; distance:0; content:"|20|bits|3e|"; distance:0; content:"|3e|"; distance:0; content:"|3e 00|"; distance:0; isdataat:!1,relative; reference:md5,36903d471c43b5d602aefd791e25c889; reference:url,blog.talosintelligence.com/2020/02/obliquerat-hits-victims-via-maldocs.html; classtype:trojan-activity; sid:2029530; rev:1; metadata:affected_product Windows_XP_Vista_7_8_10_Server_32_64_Bit, attack_target Client_Endpoint, created_at 2020_02_24, deployment Perimeter, former_category MALWARE, malware_family ObliqueRAT?, signature_severity Major, updated_at 2020_02_24;)

Added 2021-07-15 18:32:37 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN ObliqueRAT? CnC? Checkin"; flow:established,to_server; content:"|3e 57 69 6e 64 6f 77 73 20|"; fast_pattern; content:"|3e|"; distance:0; content:"|3e|"; distance:0; content:"|20|bits|3e|"; distance:0; content:"|3e|"; distance:0; content:"|3e 00|"; distance:0; isdataat:!1,relative; reference:md5,36903d471c43b5d602aefd791e25c889; reference:url,https://blog.talosintelligence.com/2020/02/obliquerat-hits-victims-via-maldocs.html; classtype:trojan-activity; sid:2029530; rev:1; metadata:affected_product Windows_XP_Vista_7_8_10_Server_32_64_Bit, attack_target Client_Endpoint, created_at 2020_02_24, deployment Perimeter, former_category MALWARE, malware_family ObliqueRAT?, signature_severity Major, updated_at 2020_02_24;)

Added 2020-08-05 19:17:38 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN ObliqueRAT? CnC? Checkin"; flow:established,to_server; content:"|3e 57 69 6e 64 6f 77 73 20|"; fast_pattern; content:"|3e|"; distance:0; content:"|3e|"; distance:0; content:"|20|bits|3e|"; distance:0; content:"|3e|"; distance:0; content:"|3e 00|"; distance:0; isdataat:!1,relative; metadata: former_category MALWARE; reference:md5,36903d471c43b5d602aefd791e25c889; reference:url,https://blog.talosintelligence.com/2020/02/obliquerat-hits-victims-via-maldocs.html; classtype:trojan-activity; sid:2029530; rev:1; metadata:affected_product Windows_XP_Vista_7_8_10_Server_32_64_Bit, attack_target Client_Endpoint, deployment Perimeter, signature_severity Major, created_at 2020_02_24, malware_family ObliqueRAT?, updated_at 2020_02_24;)

Added 2020-02-24 20:11:37 UTC


Topic revision: r1 - 2021-07-15 - TWikiGuest
 
This site is powered by the TWiki collaboration platform Powered by Perl This site is powered by the TWiki collaboration platformCopyright © Emerging Threats