ET MALWARE Arid Viper APT Advtravel Campaign GET Request

7.0.35.0SID: 2020431Rev: 6Enabled1 views
Sourceet/open
Fileemerging-malware.rules
CreatedFebruary 16, 2015
UpdatedMarch 6, 2024
Classificationtargeted-activity
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MALWARE Arid Viper APT Advtravel Campaign GET Request"; flow:established,to_server; http.method; content:"GET"; http.uri; content:"/sys/"; fast_pattern; pcre:"/t=1?\d\/[0-3]?\d\/201\d [0-2]?\d\x3a[0-5]\d\x3a[0-5]\d [AP]M$/"; pcre:"/^\/sys\/(?:who|genid|data|upload|update)/"; reference:url,www.trendmicro.com/cloud-content/us/pdfs/security-intelligence/white-papers/wp-operation-arid-viper.pdf; classtype:targeted-activity; sid:2020431; rev:6; metadata:created_at 2015_02_16, signature_severity Major, updated_at 2024_03_06;)

Metadata

created at2015_02_16
signature severityMajor
updated at2024_03_06

Comments (0)

Please sign in to leave a comment.
Sign in

No comments yet. Be the first to comment!