ET MALWARE Infostealer.Jackpos Checkin
Sourceet/open
Fileemerging-malware.rules
CreatedFebruary 12, 2014
UpdatedApril 13, 2024
Classificationcommand-and-control
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MALWARE Infostealer.Jackpos Checkin"; flow:established,to_server ; http.method; content:"POST"; nocase; http.user_agent; content:"something"; startswith; http.request_body; content:"mac="; fast_pattern; startswith; content:"&t1="; content:"&t2="; pcre:"/^mac=(?:[A-F0-9]{2}-){5}[A-F0-9]{2}&t1=/" ; reference:md5,aa9686c3161242ba61b779aa325e9d24 ; reference:md5,88e721f62470f8bd267810fbaa29104f ; reference:url,intelcrawler.com/about/press10 ; classtype:command-and-control; sid:2018108; rev:6; metadata:created_at 2014_02_12, signature_severity Major, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2024_04_13;)
References
| md5 | aa9686c3161242ba61b779aa325e9d24 |
| md5 | 88e721f62470f8bd267810fbaa29104f |
| url | intelcrawler.com/about/press10 |
Metadata
created at2014_02_12
signature severityMajor
tagDescription_Generated_By_Proofpoint_Nexus
updated at2024_04_13
Comments (0)
Please sign in to leave a comment.
Sign inNo comments yet. Be the first to comment!