SIGS: CastleLoader/RAT

Hi,

At the end of this Recorded Future report are Snort rules for CastleLoader and CastleRAT.

Thanks @kevross33, @kraghu has been combing through this report for signature food!

@kevross33
2066299 - ET MALWARE CastleLoader Malware Outbound Checkin (malware.rules)
Has been released, more to come soon!

There are signatures at the end in the appendix.

  • 2066349 - ET MALWARE CastleLoader Malware Outbound Payload Request (malware.rules)

  • 2066354 - ET MALWARE CastleLoader Malware Stager Outbound Payload Request (malware.rules)

  • 2066355 - ET MALWARE CastleLoader Malware Inbound Command Retrieval via Finger Service (malware.rules)

  • 2066356 - ET MALWARE CastleRAT Malware Outbound Handshake (malware.rules)