ET MALWARE Win32/FireStealer Related Server Response

7.0.35.0SID: 2051909Rev: 2Enabled1 views
Sourceet/open
Fileemerging-malware.rules
CreatedApril 3, 2024
UpdatedApril 25, 2024
Classificationtrojan-activity
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET MALWARE Win32/FireStealer Related Server Response"; flow:established,to_client; http.stat_code; content:"200"; http.server; bsize:5; content:"nginx"; http.content_type; bsize:31; content:"application/json|3b 20|charset=utf-8"; file.data; content:"|7b 22|status|22 3a 20 22|Success|22 2c 20 22|k|22 3a 20 22|"; startswith; fast_pattern; content:"|22 2c 20 22|c|22 3a 20|"; distance:0; reference:md5,03f80949b6a0d5148c4e0d0557175131; classtype:trojan-activity; sid:2051909; rev:2; metadata:attack_target Client_Endpoint, tls_state plaintext, created_at 2024_04_03, deployment Perimeter, malware_family Win32_FireStealer, confidence High, signature_severity Critical, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2024_04_25; target:dest_ip;)

References

md5
03f80949b6a0d5148c4e0d0557175131

Metadata

attack targetClient_Endpoint
tls stateplaintext
created at2024_04_03
deploymentPerimeter
malware familyWin32_FireStealer
confidenceHigh
signature severityCritical
tagDescription_Generated_By_Proofpoint_Nexus
updated at2024_04_25

Comments (0)

Please sign in to leave a comment.
Sign in

No comments yet. Be the first to comment!