ET MALWARE Backdoor.Win32.Fynloski.A/DarkRat Checkin Outbound
Sourceet/open
Fileemerging-malware.rules
CreatedNovember 22, 2010
UpdatedMarch 6, 2024
Classificationcommand-and-control
alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MALWARE Backdoor.Win32.Fynloski.A/DarkRat Checkin Outbound"; flow:established,to_server ; dsize:<16; content:"KEEPALIVE"; depth:9; pcre:"/^KEEPALIVE\x7c?\d/"; reference:url,www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Backdoor%3aWin32%2fFynloski.A&ThreatID=-2147327112 ; reference:url,www.contextis.com/research/blog/darkcometrat/ ; reference:url,www.eff.org/deeplinks/2012/08/syrian-malware-post ; reference:md5,a2f58a4215441276706f18519dae9102 ; classtype:command-and-control; sid:2013090; rev:11; metadata:created_at 2010_11_22, signature_severity Major, updated_at 2024_03_06;)
References
Metadata
created at2010_11_22
signature severityMajor
updated at2024_03_06
Comments (0)
Please sign in to leave a comment.
Sign inNo comments yet. Be the first to comment!