ET MALWARE Netwire RAT Check-in
Sourceet/open
Fileemerging-malware.rules
CreatedApril 28, 2014
UpdatedMarch 14, 2024
Classificationtrojan-activity
alert tcp $EXTERNAL_NET ![22,23,25,80,139,443,445] -> $HOME_NET any (msg:"ET MALWARE Netwire RAT Check-in"; flow:established,to_client ; flowbits:isset,ET.NetwireRAT.Client ; stream_size:server,<,72 ; dsize:69; content:"|41 00 00 00 05|"; depth:5; reference:url,www.circl.lu/pub/tr-23/ ; reference:url,unit42.paloaltonetworks.com/new-release-decrypting-netwire-c2-traffic/ ; classtype:trojan-activity; sid:2018427; rev:7; metadata:attack_target Client_Endpoint, created_at 2014_04_28, deployment Perimeter, malware_family Netwire_RAT, signature_severity Major, updated_at 2024_03_14, reviewed_at 2024_03_06;)
References
Metadata
attack targetClient_Endpoint
created at2014_04_28
deploymentPerimeter
malware familyNetwire_RAT
signature severityMajor
updated at2024_03_14
reviewed at2024_03_06
Comments (0)
Please sign in to leave a comment.
Sign inNo comments yet. Be the first to comment!