ET MALWARE DuvetStealer C2 (send-token) Traffic Outbound

7.0.35.0SID: 2061543Rev: 1Enabled32 views
Sourceet/open
Fileemerging-malware.rules
CreatedApril 14, 2025
UpdatedApril 14, 2025
Classificationtrojan-activity
alert http $HOME_NET any -> any any (msg:"ET MALWARE DuvetStealer C2 (send-token) Traffic Outbound"; flow:established,to_server; http.method; content:"POST"; http.uri; bsize:15; content:"/api/send-token"; fast_pattern; http.user_agent; content:"axios|2f|"; http.request_body; content:"|22|key|22 3a|"; content:"|22|tokens|22 3a|"; content:"|22|ip|22 3a|"; content:"|22|hwid|22 3a|"; reference:url,x.com/naumovax/status/1911775775558177166; classtype:trojan-activity; sid:2061543; rev:1; metadata:attack_target Client_Endpoint, tls_state plaintext, created_at 2025_04_14, deployment Perimeter, confidence High, signature_severity Major, tag c2, updated_at 2025_04_14, mitre_tactic_id TA0011, mitre_tactic_name Command_And_Control, mitre_technique_id T1071, mitre_technique_name Application_Layer_Protocol; target:src_ip;)

Metadata

attack targetClient_Endpoint
tls stateplaintext
created at2025_04_14
deploymentPerimeter
confidenceHigh
signature severityMajor
tagc2
updated at2025_04_14
mitre tactic idTA0011
mitre tactic nameCommand_And_Control
mitre technique idT1071
mitre technique nameApplication_Layer_Protocol

Comments (0)

Please sign in to leave a comment.
Sign in

No comments yet. Be the first to comment!