DDI RULE 423
Publish Date: 02 August 2019
DESCRIPTION NAME:
FAKEAV - HTTP (Request) - Variant 16
CONFIDENCE LEVEL: MEDIUM
informational
Niedrig
Mittel
Hoch
Überblick
KATUSHA Trojans typically arrive via spammed email messages or as files downloaded unknowingly by users when visiting malicious sites. It is used to download and execute other malicious files. In 2010, a spam run that poses as an IT notification contained a KATUSHA variant as an attachment. Cybercriminals also used this malware to launch attacks on the users of the social networking site/blogging platform Multiply.
Technische Details
Attack Phase: Command and Control Communication
Risk Type:
Threat Type: Suspicious Behavior
Confidence Level: Medium
DDI Default Rule Status: Enable
Event Class: Callback
Event Sub Class: Bot
Behavior Indicator: Callback
APT Related: NO
Lösungen
Network Content Correlation Pattern Version: 1.12475.00
Network Content Correlation Pattern Release Date: 17 Mar 2016
Nehmen Sie an unserer Umfrage teil