ET MALWARE Sednit/AZZY Checkin
Sourceet/open
Fileemerging-malware.rules
CreatedOctober 28, 2014
UpdatedApril 28, 2024
Classificationtargeted-activity
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MALWARE Sednit/AZZY Checkin"; flow:established,to_server ; http.method; content:"POST"; http.uri; content:"/"; offset:1; http.user_agent; content:"MSIE|20|"; startswith; fast_pattern; pcre:"/^MSIE \d+\.\d+$/i"; http.header_names; to_lowercase; content:!"|0d 0a|content-type|0d 0a|"; content:!"|0d 0a|referer|0d 0a|"; content:!"|0d 0a|accept"; reference:md5,7c373c607c8724f8be461d61016ed272 ; reference:url,www.fireeye.com/resources/pdfs/apt28.pdf ; reference:url,securelist.com/blog/research/72924/sofacy-apt-hits-high-profile-targets-with-updated-toolset/ ; classtype:targeted-activity; sid:2019534; rev:7; metadata:created_at 2014_10_28, signature_severity Major, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2024_04_28;)
References
| md5 | 7c373c607c8724f8be461d61016ed272 |
| url | www.fireeye.com/resources/pdfs/apt28.pdf |
| url | securelist.com/blog/research/72924/sofacy-apt-hits-high-profile-targets-with-updated-toolset/ |
Metadata
created at2014_10_28
signature severityMajor
tagDescription_Generated_By_Proofpoint_Nexus
updated at2024_04_28
Comments (0)
Please sign in to leave a comment.
Sign inNo comments yet. Be the first to comment!