ET MALWARE W32/Citadel Download From CnC Server /files/ attachment
Sourceet/open
Fileemerging-malware.rules
CreatedJune 24, 2014
UpdatedApril 7, 2024
Classificationcommand-and-control
alert http1 $EXTERNAL_NET any -> $HOME_NET any (msg:"ET MALWARE W32/Citadel Download From CnC Server /files/ attachment"; flow:established,to_client ; flowbits:isset,et.citadel ; http.header; content:"Content-Disposition|3a 20|attachment|3b 20|filename=|22 25 32 65|/files/"; fast_pattern; reference:md5,280ffd0653d150906a65cd513fcafc27 ; reference:md5,f1c8cc93d4e0aabd4713621fe271abc8 ; reference:url,arbornetworks.com/asert/2014/06/the-citadel-and-gameover-campaigns-of-5cb682c10440b2ebaf9f28c1fe438468/ ; classtype:command-and-control; sid:2018599; rev:9; metadata:created_at 2014_06_24, signature_severity Major, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2024_04_07;)
References
| md5 | 280ffd0653d150906a65cd513fcafc27 |
| md5 | f1c8cc93d4e0aabd4713621fe271abc8 |
| url | arbornetworks.com/asert/2014/06/the-citadel-and-gameover-campaigns-of-5cb682c10440b2ebaf9f28c1fe438468/ |
Metadata
created at2014_06_24
signature severityMajor
tagDescription_Generated_By_Proofpoint_Nexus
updated at2024_04_07
Comments (0)
Please sign in to leave a comment.
Sign inNo comments yet. Be the first to comment!