ET MALWARE Matanbuchus Loader CnC M2
Sourceet/open
Fileemerging-malware.rules
CreatedNovember 16, 2021
UpdatedMarch 26, 2024
Classificationcommand-and-control
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MALWARE Matanbuchus Loader CnC M2"; flow:established,to_server ; http.method; content:"POST"; http.uri; content:".php"; endswith; http.content_type; bsize:33; content:"application/x-www-form-urlencoded"; http.user_agent; content:"Windows-AzureAD-Authentication-Provider/"; startswith; fast_pattern; threshold:type limit, track by_src, count 1, seconds 120 ; reference:url,twitter.com/fr0s7_/status/1458823504925798408 ; classtype:command-and-control; sid:2034467; rev:4; metadata:attack_target Client_Endpoint, created_at 2021_11_16, deployment Perimeter, malware_family Matanbuchus, confidence High, signature_severity Major, updated_at 2024_03_26, mitre_tactic_id TA0010, mitre_tactic_name Exfiltration, mitre_technique_id T1041, mitre_technique_name Exfiltration_Over_C2_Channel;)
References
Metadata
Comments (0)
Please sign in to leave a comment.
Sign inNo comments yet. Be the first to comment!