ET MALWARE MacOS/Adload CnC Beacon

7.0.35.0SID: 2047628Rev: 3Enabled4 views
Sourceet/open
Fileemerging-malware.rules
CreatedAugust 11, 2023
UpdatedMarch 27, 2024
Classificationtrojan-activity
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MALWARE MacOS/Adload CnC Beacon"; flow:established,to_server; http.method; content:"POST"; http.uri; bsize:6; content:"/a/rep"; fast_pattern; http.host; content:"m."; startswith; http.user_agent; content:"|20 28|unknown|20|version|29 20|CFNetwork|2f|"; http.content_type; bsize:13; content:"charset=utf-8"; http.request_body; content:"smc"; startswith; content:"$"; distance:7; within:1; isdataat:200,relative; threshold:type limit, count 1, seconds 600, track by_dst; reference:url,cybersecurity.att.com/blogs/labs-research/mac-systems-turned-into-proxy-exit-nodes-by-adload; classtype:trojan-activity; sid:2047628; rev:3; metadata:affected_product Mac_OSX, attack_target Client_Endpoint, created_at 2023_08_11, deployment Perimeter, malware_family Adload, confidence High, signature_severity Critical, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2024_03_27;)

Metadata

affected productMac_OSX
attack targetClient_Endpoint
created at2023_08_11
deploymentPerimeter
malware familyAdload
confidenceHigh
signature severityCritical
tagDescription_Generated_By_Proofpoint_Nexus
updated at2024_03_27

Comments (0)

Please sign in to leave a comment.
Sign in

No comments yet. Be the first to comment!