""ET TROJAN [ANY.RUN] PovertyStealer Exfiltration M1""

SID: 2047067

Revision: 1

Class Type: trojan-activity

Metadata: affected_product Windows_XP_Vista_7_8_10_Server_32_64_Bit, attack_target Client_Endpoint, created_at 2023_08_07, deployment Perimeter, malware_family PovertyStealer, confidence High, signature_severity Critical, updated_at 2023_12_28

Reference:

• Link

Protocol: tcp

Source Network: $HOME_NET

Source Port: any

Destination Network: $EXTERNAL_NET

Destination Port: 2227

Flow: established,to_server

Contents:

• Value: "Databases|5c|Adobe|5c|"

• Value: "Databases|5c|Google|5c|Chrome|5c|"

• Value: "Databases|5c|Microsoft|5c|Edge|5c|"

• Value: "Databases|5c|Mozilla|5c|"

Within:

PCRE:

Special Options:

source