ET MALWARE W32/Emotet.v4 Checkin Fake 404 Payload Response
Sourceet/open
Fileemerging-malware.rules
CreatedFebruary 3, 2022
UpdatedMarch 18, 2024
Classificationcommand-and-control
alert http $EXTERNAL_NET [443,7080,8080,80] -> $HOME_NET any (msg:"ET MALWARE W32/Emotet.v4 Checkin Fake 404 Payload Response"; flow:established,to_client ; http.stat_code; content:"404"; http.content_type; content:"text/html"; http.content_len; byte_test:0,<=,999999,0,string,dec ; byte_test:0,>,99999,0,string,dec ; file.data; content:!"<html"; nocase; depth:1024; pcre:"/^[\x20-\x7e\r\n]{0,20}[^\x20-\x7e\r\n][\x20-\x7e\r\n]{0,20}[^\x20-\x7e\r\n][\x20-\x7e\r\n]{0,20}[^\x20-\x7e\r\n]/si" ; reference:md5,dacdcd451204265ad6f44ef99db1f371 ; classtype:command-and-control; sid:2035065; rev:3; metadata:created_at 2022_02_03, confidence High, signature_severity Major, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2024_03_18;)
References
| md5 | dacdcd451204265ad6f44ef99db1f371 |
Metadata
created at2022_02_03
confidenceHigh
signature severityMajor
tagDescription_Generated_By_Proofpoint_Nexus
updated at2024_03_18
Comments (0)
Please sign in to leave a comment.
Sign inNo comments yet. Be the first to comment!