ET ADWARE_PUP W32/Stan Malvertising.Dropper CnC Beacon

7.0.35.0SID: 2019145Rev: 6Enabled0 views
Sourceet/open
Fileemerging-adware_pup.rules
CreatedSeptember 10, 2014
UpdatedApril 7, 2024
Classificationpup-activity
alert http1 $HOME_NET any -> $EXTERNAL_NET any (msg:"ET ADWARE_PUP W32/Stan Malvertising.Dropper CnC Beacon"; flow:established,to_server; urilen:>50; http.method; content:"GET"; http.uri; pcre:"/^\/[a-f0-9]{50,}$/"; http.header; content:"Proxy-Authorization|3a 20|Basic"; http.host; content:"stan|2E|"; fast_pattern; startswith; http.header_names; content:!"Accept-"; content:!"Referer|0d 0a|"; reference:url,blogs.cisco.com/security/kyle-and-stan/; classtype:pup-activity; sid:2019145; rev:6; metadata:attack_target Client_Endpoint, created_at 2014_09_10, deployment Perimeter, signature_severity Minor, tag c2, updated_at 2024_04_07, mitre_tactic_id TA0010, mitre_tactic_name Exfiltration, mitre_technique_id T1041, mitre_technique_name Exfiltration_Over_C2_Channel;)

Metadata

attack targetClient_Endpoint
created at2014_09_10
deploymentPerimeter
signature severityMinor
tagc2
updated at2024_04_07
mitre tactic idTA0010
mitre tactic nameExfiltration
mitre technique idT1041
mitre technique nameExfiltration_Over_C2_Channel

Comments (0)

Please sign in to leave a comment.
Sign in

No comments yet. Be the first to comment!