ET MALWARE BadPatch CnC Activity
Sourceet/open
Fileemerging-malware.rules
CreatedOctober 28, 2019
UpdatedApril 13, 2024
Classificationcommand-and-control
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MALWARE BadPatch CnC Activity"; flow:established,to_server ; http.method; content:"POST"; http.user_agent; content:"python-requests/"; startswith; http.request_body; content:"="; pcre:"/^(?:[A-F0-9]{2}%3A){5}[A-F0-9]{2}&/R" ; content:"=Py+version+"; distance:0; fast_pattern; reference:url,www.fortinet.com/blog/threat-research/badpatch-campaign-uses-python-malware.html ; classtype:command-and-control; sid:2028913; rev:4; metadata:affected_product Windows_XP_Vista_7_8_10_Server_32_64_Bit, created_at 2019_10_28, deployment Perimeter, malware_family BadPatch, performance_impact Low, confidence High, signature_severity Major, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2024_04_13;)
Metadata
affected productWindows_XP_Vista_7_8_10_Server_32_64_Bit
created at2019_10_28
deploymentPerimeter
malware familyBadPatch
performance impactLow
confidenceHigh
signature severityMajor
tagDescription_Generated_By_Proofpoint_Nexus
updated at2024_04_13
Comments (0)
Please sign in to leave a comment.
Sign inNo comments yet. Be the first to comment!