MALWARE-FILE-TRANSFER HackTool.Win32.EarthWrom

Rule ID

1232879

Severity

High

Description

EarthWorm is a simple network tunnel tool with SOCKS v5 server and port transfer developed by a Chinese engineer. it is popular in the cyber-attack. With this tool, the attackers are able to bypass the firewall and access the machine in a restricted network.

Impact

Others

Recommendation

Update vendor's patch.

IPS Category

Malware traffic

IPS Anomaly Group

N/A

IPS Rule Default Action

Deny

Reference

https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-144a

T1090

Keyword

Volt Typhoon

Created At

2023/05/29

Updated At

2023/05/29

This website uses cookies to ensure you get the best experience on our website.

Learn more