SID 1:64406

Report a false positive

Rule Category

MALWARE-OTHER --

Alert Message

MALWARE-OTHER Win.Trojan.WinOS4 download attempt

Rule Explanation

This rule alerts on file downloads of Win.Trojan.WinOS4. WinOS 4.0 is an post-exploitation framework derived from ghostRat that is used to establish persistent access to an infected machine.

What To Look For

This rule alerts on file downloads of Win.Trojan.WinOS4.

Known Usage

Attacks/Scans seen in the wild

False Positives

No known false positives

Contributors

Cisco Talos Intelligence Group

Rule Groups

No rule groups

CVE

None

Additional Links

www.virustotal.com/gui/search/033965f3063bc2a45e5bd3a57ffce098b9308668d70b9b3063f066df5f3e55dd

Rule Vulnerability

No information provided

CVE Additional Information

This product uses data from the NVD API but is not endorsed or certified by the NVD.

None