🐾 - 🚨 Suspicious TCP Keep-Alive ACK from external server - 🥷 Possible QuasarRAT 🪟 C2 activity - TA0011
Sourcepawpatrules
FilePAW-PATRULES_MALWARES.rules
CreatedJanuary 3, 2025
UpdatedJanuary 4, 2025
Classificationcommand-and-control
alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"🐾 - 🚨 Suspicious TCP Keep-Alive ACK from external server - 🥷 Possible QuasarRAT 🪟 C2 activity - TA0011"; flow:to_client, stateless ; tcp.flags:A,FSRPUCE ; window:8192; reference:url,https://attack.mitre.org/tactics/TA0011/ ; reference:url,https://malpedia.caad.fkie.fraunhofer.de/details/win.quasar_rat ; metadata:attack_target Client_and_Server, signature_severity Major, affected_product Windows_XP_Vista_7_8_10_11_Server_32_64_Bit, mitre_tactic_id TA0011, mitre_tactic_name Command_and_Control, former_category MALWARE, malware_family QuasarRAT, created_at 2025_01_04, updated_at 2025_01_04; sid:3321407; rev:4; classtype:command-and-control; noalert;)
References
Metadata
attack targetClient_and_Server
signature severityMajor
affected productWindows_XP_Vista_7_8_10_11_Server_32_64_Bit
mitre tactic idTA0011
mitre tactic nameCommand_and_Control
former categoryMALWARE
malware familyQuasarRAT
created at2025_01_04
updated at2025_01_04
Comments (0)
Please sign in to leave a comment.
Sign inNo comments yet. Be the first to comment!