ET MALWARE Possible Metasploit Payload Common Construct Bind_API (from server)

7.0.35.0SID: 2025644Rev: 2Enabled2 views
Sourceet/open
Fileemerging-malware.rules
CreatedMay 16, 2016
UpdatedMarch 7, 2024
Classificationtrojan-activity
alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"ET MALWARE Possible Metasploit Payload Common Construct Bind_API (from server)"; flow:established,to_client; content:"|60 89 e5 31|"; content:"|64 8b|"; distance:1; within:2; content:"|30 8b|"; distance:1; within:2; content:"|0c 8b 52 14 8b 72 28 0f b7 4a 26 31 ff|"; distance:1; within:13; content:"|ac 3c 61 7c 02 2c 20 c1 cf 0d 01 c7 e2|"; within:15; content:"|52 57 8b 52 10|"; distance:1; within:5; classtype:trojan-activity; sid:2025644; rev:2; metadata:affected_product Any, attack_target Client_and_Server, created_at 2016_05_16, deployment Perimeter, deployment Internet, deployment Internal, deployment Datacenter, confidence Medium, signature_severity Critical, tag Metasploit, updated_at 2024_03_07;)

Metadata

affected productAny
attack targetClient_and_Server
created at2016_05_16
deploymentDatacenter
confidenceMedium
signature severityCritical
tagMetasploit
updated at2024_03_07

Comments (0)

Please sign in to leave a comment.
Sign in

No comments yet. Be the first to comment!