Snort Suricata Rules Signatures for Racoon Stealer & Kryptik Malware

Racoon Malware Traffic Sample:

2020-05-09 02:34:46.971465 IP 192.168.86.25.56401 > 34.89.22.128.80: Flags [P.], seq 1:189, ack 1, win 16685, length 188: HTTP: POST /gate/log.php HTTP/1.1
E…+.@…~…V.”Y…Q.P9…9i%.P.A-….POST /gate/log.php HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Content-Type: application/x-www-form-urlencoded
Content-Length: 155
Host: 34.89.22.128

Racoon Sample Rule:

alert tcp $HOME_NET any -> any 80 (msg:"Racoon Credential Stealer Malware"; …
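The rule on this page is cut off, so the following is an added example and not the post's rule: a Python check that parses an HTTP request head and reports which traits visible in the traffic sample it shares. The trait names and the choice of traits are assumptions made for illustration, and the sample bytes are reconstructed from the header lines shown.

```python
import ipaddress

# Constructed from the header lines in the traffic sample above, assuming CRLF
# line endings; the result is 188 bytes, the length tcpdump reports.
SAMPLE_REQUEST = (
    b"POST /gate/log.php HTTP/1.1\r\n"
    b"Cache-Control: no-cache\r\n"
    b"Connection: Keep-Alive\r\n"
    b"Pragma: no-cache\r\n"
    b"Content-Type: application/x-www-form-urlencoded\r\n"
    b"Content-Length: 155\r\n"
    b"Host: 34.89.22.128\r\n"
    b"\r\n"
)

def parse_request(raw):
    """Split a raw HTTP request head into (method, uri, headers)."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    lines = head.split("\r\n")
    parts = lines[0].split(" ")
    if len(parts) != 3:
        raise ValueError("malformed request line")
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return parts[0], parts[1], headers

def host_is_ip_literal(host):
    """True when the Host header is a bare IPv4 address (optionally :port)."""
    try:
        ipaddress.ip_address(host.split(":")[0])
        return True
    except ValueError:
        return False

def matched_traits(raw):
    """Return the traits of the sample request that this request also shows."""
    try:
        method, uri, headers = parse_request(raw)
    except ValueError:
        return []  # not a parseable request head
    checks = {  # hypothetical trait names, chosen for this example
        "post_to_gate_log": method == "POST" and uri == "/gate/log.php",
        "form_urlencoded": headers.get("content-type") == "application/x-www-form-urlencoded",
        "host_is_ip": host_is_ip_literal(headers.get("host", "")),
        "no_user_agent": "user-agent" not in headers,
    }
    return sorted(name for name, hit in checks.items() if hit)
```

Because the reconstructed head accounts for all 188 bytes of the segment, the request in the sample carries no User-Agent header, which is why that trait is included.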