πΎ - π Suspicious svchost.dll downloading via HTTP - Possible πΏ Cobalt Strike payload download πΎ - Seen in IcedID attack
Sourcepawpatrules
FilePAW-PATRULES_MALWARES.rules
CreatedAugust 3, 2022
UpdatedDecember 3, 2022
Classificationtrojan-activity
alert http any any -> $EXTERNAL_NET any (msg:"πΎ - π Suspicious svchost.dll downloading via HTTP - Possible πΏ Cobalt Strike payload download πΎ - Seen in IcedID attack"; flow:to_server, stateless ; http.method; content:"GET"; content:"/svchost.dll"; fast_pattern; reference:url,https://isc.sans.edu/diary//28884 ; reference:url,https://malpedia.caad.fkie.fraunhofer.de/details/win.icedid ; metadata:created_at 2022_08_03, updated_at 2022_12_03; sid:3300693; rev:2; classtype:trojan-activity;)
References
Metadata
created at2022_08_03
updated at2022_12_03
Comments (0)
Please sign in to leave a comment.
Sign inNo comments yet. Be the first to comment!