alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN BadPatch? CnC? Activity"; flow:established,to_server; content:"python-requests/"; http_user_agent; depth:16; content:"="; http_client_body; pcre:"/^(?:[A-F0-9]{2}%3A){5}[A-F0-9]{2}&/PR"; content:"=Py+version+"; http_client_body; distance:0; fast_pattern; content:"POST"; http_method; metadata: former_category MALWARE; reference:url,www.fortinet.com/blog/threat-research/badpatch-campaign-uses-python-malware.html; classtype:trojan-activity; sid:2028913; rev:2; metadata:affected_product Windows_XP_Vista_7_8_10_Server_32_64_Bit, deployment Perimeter, signature_severity Major, created_at 2019_10_28, malware_family BadPatch?, performance_impact Low, updated_at 2019_10_28;)

Added 2019-10-28 18:56:22 UTC


Topic revision: r1 - 2019-10-28 - TWikiGuest
 
This site is powered by the TWiki collaboration platform Powered by Perl This site is powered by the TWiki collaboration platformCopyright © Emerging Threats