ET MALWARE Win32/Atlantida Stealer Sending System Information (POST)
Sourceet/open
Fileemerging-malware.rules
CreatedFebruary 22, 2023
UpdatedApril 3, 2024
Classificationtrojan-activity
alert http1 $HOME_NET any -> $EXTERNAL_NET 1024: (msg:"ET MALWARE Win32/Atlantida Stealer Sending System Information (POST)"; flow:established,to_server ; urilen:1; http.method; content:"POST"; http.content_type; bsize:33; content:"application/x-www-form-urlencoded"; http.header_names; content:"|0d 0a|Content-Type|0d 0a|Host|0d 0a|Content-Length|0d 0a|Expect|0d 0a|Connection|0d 0a 0d 0a|"; http.request_body; content:"<Log>"; startswith; fast_pattern; reference:url,twitter.com/crep1x/status/1626280164547076100 ; reference:md5,4f8e6f6b2f467fd50baa4af93225142f ; reference:md5,4d654ec643ef50f03ee3599db0265602 ; reference:md5,c6b5bbc3111f1d93c2d42b58948231c2 ; classtype:trojan-activity; sid:2044290; rev:3; metadata:attack_target Client_Endpoint, created_at 2023_02_22, deployment Perimeter, malware_family Win32_Atlantida, confidence High, signature_severity Major, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2024_04_03; target:src_ip;)
References
| url | twitter.com/crep1x/status/1626280164547076100 |
| md5 | 4f8e6f6b2f467fd50baa4af93225142f |
| md5 | 4d654ec643ef50f03ee3599db0265602 |
| md5 | c6b5bbc3111f1d93c2d42b58948231c2 |
Metadata
attack targetClient_Endpoint
created at2023_02_22
deploymentPerimeter
malware familyWin32_Atlantida
confidenceHigh
signature severityMajor
tagDescription_Generated_By_Proofpoint_Nexus
updated at2024_04_03
Comments (0)
Please sign in to leave a comment.
Sign inNo comments yet. Be the first to comment!