MALWARE-CNC -- Snort has detected a Comand and Control (CNC) rule violation, most likely for commands and calls for files or other stages from the control server. The alert indicates a host has been infiltrated by an attacker, who is using the host to make calls for files, as a call-home vector for other malware-infected networks, for shuttling traffic back to bot owners, etc.
MALWARE-CNC Win.Trojan.NukeSped RAT variant outbound communication
This event is generated when the NukeSped RAT makes connections to an external server. Impact: A Network Trojan was detected Details: Joanap is a fully functional RAT that serves as the payload in various phishing or drive-by attacks. Hidden Cobra uses it to exfiltrate data and host system information, drop and run secondary payloads, and initialize proxy and peer-to-peer communications on compromised Windows devices, according to the alert. It uses Rivest Cipher 4 encryption to communicate with the C2. It also has capabilities to manage botnets for other types of operations, and can carry out file management, process management, the creation and deletion of directories, and node management. Ease of Attack:
No information provided
No public information
No known false positives
Cisco Talos Intelligence Group
No rule groups
None
No information provided
None
©2024 Cisco and/or its affiliates. Snort, the Snort and Pig logo are registered trademarks of Cisco. All rights reserved.
