ET MALWARE Backdoor Win32.Idicaf/Atraps

7.0.35.0SID: 2014228Rev: 8Enabled0 views
Sourceet/open
Fileemerging-malware.rules
CreatedFebruary 14, 2012
UpdatedMarch 6, 2024
Classificationtrojan-activity
alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MALWARE Backdoor Win32.Idicaf/Atraps"; flow:established,to_server; dsize:780; content:"|00 00 00 00 00 00 00 00|"; depth:8; content:"|00 00 00 00|"; distance:4; within:4; content:"|00 9C 00 00 00|"; distance:31; within:5; fast_pattern; content:"|00 00 00|"; distance:1; within:3; content:"|00 00 00|"; distance:1; within:3; content:"|00 00|"; distance:2; within:2; content:"|00|"; distance:172; within:1; reference:url,www.commandfive.com/papers/C5_APT_C2InTheFifthDomain.pdf; classtype:trojan-activity; sid:2014228; rev:8; metadata:created_at 2012_02_14, confidence Medium, signature_severity Major, updated_at 2024_03_06;)

Metadata

created at2012_02_14
confidenceMedium
signature severityMajor
updated at2024_03_06

Comments (0)

Please sign in to leave a comment.
Sign in

No comments yet. Be the first to comment!