alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Suspected Stitch Variant Backdoor CnC?"; flow:established,to_server; content:"|00 00 00 0f|stitch626hctits"; fast_pattern; content:!"Referer|3a 20|"; content:!"User-Agent|3a 20|"; content:!"Connection|3a 20|"; content:!"Host|3a 20|"; content:!"Keep-Alive:|3a 20|"; reference:md5, ec993ff561cbc175953502452bfa554a; reference:url,securelist.com/holy-water-ongoing-targeted-water-holing-attack-in-asia/96311/; classtype:trojan-activity; sid:2029794; rev:1; metadata:attack_target Client_Endpoint, created_at 2020_04_02, deployment Perimeter, former_category MALWARE, malware_family Stitch, performance_impact Low, signature_severity Major, updated_at 2020_04_02;)

Added 2021-07-15 18:32:37 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Suspected Stitch Variant Backdoor CnC?"; flow:established,to_server; content:"|00 00 00 0f|stitch626hctits"; fast_pattern; content:!"Referer|3a 20|"; content:!"User-Agent|3a 20|"; content:!"Connection|3a 20|"; content:!"Host|3a 20|"; content:!"Keep-Alive:|3a 20|"; reference:md5, ec993ff561cbc175953502452bfa554a; reference:url,https://securelist.com/holy-water-ongoing-targeted-water-holing-attack-in-asia/96311/; classtype:trojan-activity; sid:2029794; rev:1; metadata:attack_target Client_Endpoint, created_at 2020_04_02, deployment Perimeter, former_category MALWARE, performance_impact Low, signature_severity Major, updated_at 2020_04_02;)

Added 2020-08-05 19:17:52 UTC


alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Suspected Stitch Variant Backdoor CnC?"; flow:established,to_server; content:"|00 00 00 0f|stitch626hctits"; fast_pattern; content:!"Referer|3a 20|"; content:!"User-Agent|3a 20|"; content:!"Connection|3a 20|"; content:!"Host|3a 20|"; content:!"Keep-Alive:|3a 20|"; reference:md5, ec993ff561cbc175953502452bfa554a; metadata: former_category MALWARE; reference:url,https://securelist.com/holy-water-ongoing-targeted-water-holing-attack-in-asia/96311/; classtype:trojan-activity; sid:2029794; rev:1; metadata:attack_target Client_Endpoint, deployment Perimeter, signature_severity Major, created_at 2020_04_02, performance_impact Low, updated_at 2020_04_02;)

Added 2020-04-02 18:46:48 UTC


Topic revision: r1 - 2021-07-15 - TWikiGuest
 
This site is powered by the TWiki collaboration platform Powered by Perl This site is powered by the TWiki collaboration platformCopyright © Emerging Threats