ET MALWARE [PTsecurity] Backdoor.Win32/Remcos RAT pkt checker 4
Sourceet/open
Fileemerging-malware.rules
CreatedSeptember 11, 2017
UpdatedMarch 15, 2024
Classificationtrojan-activity
alert tcp $HOME_NET any -> $EXTERNAL_NET !$HTTP_PORTS (msg:"ET MALWARE [PTsecurity] Backdoor.Win32/Remcos RAT pkt checker 4"; flow:established,to_server ; flowbits:isset,FB180732_3 ; flowbits:unset,FB180732_3 ; stream_size:server,<,70 ; stream_size:client,<,696 ; stream_size:client,>,0 ; stream_size:server,>,35 ; threshold:type limit,track by_src,count 1, seconds 30 ; reference:url,blog.fortinet.com/2017/02/14/remcos-a-new-rat-in-the-wild-2 ; classtype:trojan-activity; sid:2024698; rev:4; metadata:affected_product Windows_XP_Vista_7_8_10_Server_32_64_Bit, attack_target Client_Endpoint, created_at 2017_09_11, deployment Perimeter, malware_family Remcos, performance_impact Moderate, confidence Medium, signature_severity Major, updated_at 2024_03_15;)
Metadata
affected productWindows_XP_Vista_7_8_10_Server_32_64_Bit
attack targetClient_Endpoint
created at2017_09_11
deploymentPerimeter
malware familyRemcos
performance impactModerate
confidenceMedium
signature severityMajor
updated at2024_03_15
Comments (0)
Please sign in to leave a comment.
Sign inNo comments yet. Be the first to comment!