{
	"id": "d0ce91f1-bae4-4ebe-848d-736e205e97db",
	"created_at": "2026-04-06T00:09:31.014142Z",
	"updated_at": "2026-04-10T03:19:58.607629Z",
	"deleted_at": null,
	"sha1_hash": "8b07e22df700df2f4e25f748801124f285fb53b1",
	"title": "Snort - Rule Docs 1:26941",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 34438,
	"plain_text": "Snort - Rule Docs 1:26941\r\nArchived: 2026-04-05 20:43:17 UTC\r\nRule Category\r\nMALWARE-CNC -- Snort has detected a Comand and Control (CNC) rule violation, most likely for commands\r\nand calls for files or other stages from the control server. The alert indicates a host has been infiltrated by an\r\nattacker, who is using the host to make calls for files, as a call-home vector for other malware-infected networks,\r\nfor shuttling traffic back to bot owners, etc.\r\nAlert Message\r\nMALWARE-CNC Win.Trojan.PipCreat RAT dropper download\r\nRule Explanation\r\nThis event is generated when activity relating to malware is detected. Impact: Serious. Possible existance of\r\nmalware on the target host. Details: This activity is indicative of malware activity on a host. In this case the\r\nMALWARE-CNC Win.Trojan.PipCreat RAT dropper download was detected. Ease of Attack: Simple. This may\r\nbe an indication of a malware infestation.\r\nWhat To Look For\r\nNo information provided\r\nKnown Usage\r\nNo public information\r\nFalse Positives\r\nNo known false positives\r\nContributors\r\nCisco Talos\r\nRule Groups\r\nNo rule groups\r\nNone\r\nAdditional Links\r\nhttps://www.snort.org/rule_docs/1-26941\r\nPage 1 of 2\n\nRule Vulnerability\r\nNo information provided\r\nCVE Additional Information\r\nThis product uses data from the NVD API but is not endorsed or certified by the NVD.\r\nNone\r\nSource: https://www.snort.org/rule_docs/1-26941\r\nhttps://www.snort.org/rule_docs/1-26941\r\nPage 2 of 2",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"Malpedia"
	],
	"references": [
		"https://www.snort.org/rule_docs/1-26941"
	],
	"report_names": [
		"1-26941"
	],
	"threat_actors": [],
	"ts_created_at": 1775434171,
	"ts_updated_at": 1775791198,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/8b07e22df700df2f4e25f748801124f285fb53b1.pdf",
		"text": "https://archive.orkl.eu/8b07e22df700df2f4e25f748801124f285fb53b1.txt",
		"img": "https://archive.orkl.eu/8b07e22df700df2f4e25f748801124f285fb53b1.jpg"
	}
}