ET MALWARE Win32/RM3Loader Server Response
Sourceet/open
Fileemerging-malware.rules
CreatedOctober 7, 2022
UpdatedApril 26, 2024
Classificationtrojan-activity
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET MALWARE Win32/RM3Loader Server Response"; flow:established,to_client ; flowbits:isset,ET.rm3loader ; http.stat_code; content:"200"; http.response_header; header_lowercase; content:"content-disposition|3a 20|attachment|3b 20|filename|3d 22|frontend_front_"; fast_pattern; startswith; content:"frontendfront"; distance:10; within:35; reference:md5,aaef17d68339c7f2f19fb780ab90e156 ; classtype:trojan-activity; sid:2039130; rev:2; metadata:attack_target Client_Endpoint, created_at 2022_10_07, deployment Perimeter, deployment SSLDecrypt, malware_family ursnif, confidence High, signature_severity Major, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2024_04_26;)
References
| md5 | aaef17d68339c7f2f19fb780ab90e156 |
Metadata
attack targetClient_Endpoint
created at2022_10_07
deploymentSSLDecrypt
malware familyursnif
confidenceHigh
signature severityMajor
tagDescription_Generated_By_Proofpoint_Nexus
updated at2024_04_26
Comments (0)
Please sign in to leave a comment.
Sign inNo comments yet. Be the first to comment!