ET MALWARE PLATINUM Steganographic HTTP Response Page Inbound
Sourceet/open
Fileemerging-malware.rules
CreatedJune 5, 2019
UpdatedMarch 7, 2024
Classificationtrojan-activity
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET MALWARE PLATINUM Steganographic HTTP Response Page Inbound"; flow:established,to_client ; http.stat_code; content:"200"; file.data; content:"|3c 21|--1234567890--"; fast_pattern; content:"|3c|td|20|bgcolor=|22|"; distance:0; content:"|3c|td|20|align=|22|"; distance:0; content:"|20 20 20 20 09|"; distance:0; content:"|20 20 20 20|"; distance:0; content:"--1234567890--|3e|"; distance:0; reference:url,securelist.com/platinum-is-back/91135/ ; classtype:trojan-activity; sid:2027434; rev:4; metadata:created_at 2019_06_05, malware_family PLATINUM, confidence High, signature_severity Major, tag T1001, tag data_obfuscation, tag T1140, tag deobfuscate_decode_payload, updated_at 2024_03_07;)
References
Metadata
created at2019_06_05
malware familyPLATINUM
confidenceHigh
signature severityMajor
tagdeobfuscate_decode_payload
updated at2024_03_07
Comments (0)
Please sign in to leave a comment.
Sign inNo comments yet. Be the first to comment!