List: emerging-sigs
Subject: [Emerging-Sigs] CobaltStrike payload
From: Attack Detection <attackdetectionteam () gmail ! com>
Date: 2017-09-26 12:22:45
Message-ID: CALJOUfY=gYx663TYNu4phgJ4rBbrkME=wd_R-LRAM8codOP9ww () mail ! gmail ! com
alert http $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg: "ET TROJAN [PTsecurity] Cobalt Strike payload"; flow: established, to_client; content:"200"; http_stat_code; content: "|fce8 0000 0000 eb|"; http_server_body; depth: 7; classtype: trojan-activity; sid: 10000749; rev: 1;)
PCAPs:
https://www.dropbox.com/sh/n3tglwutjyczfp2/AAAouNbnh32Nj2xrqzF2wzzya?dl=0
- John.
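
Added example, not part of the original post: a Python sketch of the two content checks in the rule above, run over constructed HTTP responses. It assumes the engine hands the response body to http_server_body after dechunking and gzip decompression; the function names and sample bodies are made up for illustration.

```python
import gzip

# Bytes from the rule's content match |fce8 0000 0000 eb|
PATTERN = bytes.fromhex("fce800000000eb")
DEPTH = 7  # depth: 7 -> the 7-byte pattern can only sit at body offset 0

def dechunk(data: bytes) -> bytes:
    """Decode an HTTP/1.1 chunked body (chunk extensions and trailers ignored)."""
    out, pos = bytearray(), 0
    while True:
        eol = data.index(b"\r\n", pos)
        size = int(data[pos:eol].split(b";")[0], 16)
        if size == 0:
            return bytes(out)
        out += data[eol + 2:eol + 2 + size]
        pos = eol + 2 + size + 2  # skip chunk data and its trailing CRLF

def rule_matches(raw: bytes) -> bool:
    """Apply the rule's two content checks to one raw HTTP response."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.split(b"\r\n")
    parts = lines[0].split(b" ")
    status = parts[1] if len(parts) > 1 else b""
    hdrs = {}
    for line in lines[1:]:
        name, _, value = line.partition(b":")
        hdrs[name.strip().lower()] = value.strip().lower()
    if b"chunked" in hdrs.get(b"transfer-encoding", b""):
        body = dechunk(body)
    if hdrs.get(b"content-encoding") == b"gzip":
        body = gzip.decompress(body)
    # content:"200"; http_stat_code;  +  content:"|fc e8 ..|"; http_server_body; depth:7;
    return b"200" in status and PATTERN in body[:DEPTH]

def response(status: bytes, headers: bytes, body: bytes) -> bytes:
    return b"HTTP/1.1 " + status + b"\r\n" + headers + b"\r\n" + body

# Constructed test body: the rule's 7 bytes plus zero filler, not a captured payload.
BODY = PATTERN + b"\x00" * 16
SAMPLES = {
    "plain": response(b"200 OK", b"Content-Length: 23\r\n", BODY),
    "chunked": response(b"200 OK", b"Transfer-Encoding: chunked\r\n",
                        b"3\r\n" + BODY[:3] + b"\r\n14\r\n" + BODY[3:] + b"\r\n0\r\n\r\n"),
    "gzip": response(b"200 OK", b"Content-Encoding: gzip\r\n", gzip.compress(BODY)),
    "shifted": response(b"200 OK", b"Content-Length: 24\r\n", b"A" + BODY),
    "not_200": response(b"404 Not Found", b"Content-Length: 23\r\n", BODY),
}
```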