ET MALWARE Backdoor Win32.Idicaf/Atraps
Sourceet/open
Fileemerging-malware.rules
CreatedFebruary 14, 2012
UpdatedMarch 6, 2024
Classificationtrojan-activity
alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MALWARE Backdoor Win32.Idicaf/Atraps"; flow:established,to_server ; dsize:780; content:"|00 00 00 00 00 00 00 00|"; depth:8; content:"|00 00 00 00|"; distance:4; within:4; content:"|00 9C 00 00 00|"; distance:31; within:5; fast_pattern; content:"|00 00 00|"; distance:1; within:3; content:"|00 00 00|"; distance:1; within:3; content:"|00 00|"; distance:2; within:2; content:"|00|"; distance:172; within:1; reference:url,www.commandfive.com/papers/C5_APT_C2InTheFifthDomain.pdf ; classtype:trojan-activity; sid:2014228; rev:8; metadata:created_at 2012_02_14, confidence Medium, signature_severity Major, updated_at 2024_03_06;)
Metadata
created at2012_02_14
confidenceMedium
signature severityMajor
updated at2024_03_06
Comments (0)
Please sign in to leave a comment.
Sign inNo comments yet. Be the first to comment!