Devil Bait Potential C2 Communication Traffic

calendar Aug 12, 2024 · attack.command-and-control detection.emerging-threats  ·
Share on: linkedin copy

Detects potential C2 communication related to Devil Bait malware

Sigma rule (View on GitHub)

 1title: Devil Bait Potential C2 Communication Traffic
 2id: 514c50c9-373a-46e5-9012-f0327c526c8f
 3status: test
 4description: Detects potential C2 communication related to Devil Bait malware
 5references:
 6    - https://www.ncsc.gov.uk/static-assets/documents/malware-analysis-reports/devil-bait/NCSC-MAR-Devil-Bait.pdf
 7author: Nasreddine Bencherchali (Nextron Systems)
 8date: 2023-05-15
 9modified: 2023-08-23
10tags:
11    - attack.command-and-control
12    - detection.emerging-threats
13logsource:
14    category: proxy
15detection:
16    selection:
17        cs-method: 'GET'
18        cs-uri|contains|all:
19            - '/cross.php?op='
20            - '&dt='
21            - '&uid='
22    condition: selection
23falsepositives:
24    - Unlikely
25level: high

References

  • %PDF-1.7 %µµµµ 1 0 obj /Metadata 886 0 R/ViewerPreferences 887 0 R>> endobj 2 0 obj endobj 3 0 obj /ExtGState /XObject /ProcSet[/PDF/Text/ImageB/ImageC/ImageI] >>/MediaBox[ 0 0 594.96 842.04] /Cont...


    Read More

Related rules

to-top