ComRAT Network Communication

Aug 12, 2024 · attack.defense-evasion attack.command-and-control attack.t1071.001 attack.g0010 ·

Detects Turla ComRAT network communication.

Sigma rule (View on GitHub)

 1title: ComRAT Network Communication
 2id: 7857f021-007f-4928-8b2c-7aedbe64bb82
 3status: test
 4description: Detects Turla ComRAT network communication.
 5references:
 6    - https://www.welivesecurity.com/wp-content/uploads/2020/05/ESET_Turla_ComRAT.pdf
 7author: Florian Roth (Nextron Systems)
 8date: 2020-05-26
 9modified: 2024-02-26
10tags:
11    - attack.defense-evasion
12    - attack.command-and-control
13    - attack.t1071.001
14    - attack.g0010
15logsource:
16    category: proxy
17detection:
18    selection:
19        c-uri|contains: '/index/index.php\?h='
20    condition: selection
21falsepositives:
22    - Unknown
23level: high

References

JPš¢¥Ãè0#tÃî¶»?kSBÇƒ9‰ºÜL—îˆ¾4yDµ,TlÂéúëvE ¼òøs=VW±j¬Œ"·TYIŒDnî–{ªýÁW5>¼q÷"áÈNÄ±ÉÚ“õm�&{?Ž¼3¶×þ¯xKrŒ`FnÑA‚EžiH‡™¼µ¤º±ÛlÅ]6ÛÛgõ¿fÅó&Û˜Íe×ó<Ù¦K&sµ.¦•u¹)¤ëÔª žK^�ëåfqRXÍÆ$ï ¯ÄëK nŒÂŸ...

Read More

ComRAT Network Communication

Sigma rule (View on GitHub)

References

Related rules