ET MALWARE Arid Viper APT Advtravel Campaign GET Request
Sourceet/open
Fileemerging-malware.rules
CreatedFebruary 16, 2015
UpdatedMarch 6, 2024
Classificationtargeted-activity
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MALWARE Arid Viper APT Advtravel Campaign GET Request"; flow:established,to_server ; http.method; content:"GET"; http.uri; content:"/sys/"; fast_pattern; pcre:"/t=1?\d\/[0-3]?\d\/201\d [0-2]?\d\x3a[0-5]\d\x3a[0-5]\d [AP]M$/"; pcre:"/^\/sys\/(?:who|genid|data|upload|update)/" ; reference:url,www.trendmicro.com/cloud-content/us/pdfs/security-intelligence/white-papers/wp-operation-arid-viper.pdf ; classtype:targeted-activity; sid:2020431; rev:6; metadata:created_at 2015_02_16, signature_severity Major, updated_at 2024_03_06;)
References
Metadata
created at2015_02_16
signature severityMajor
updated at2024_03_06
Comments (0)
Please sign in to leave a comment.
Sign inNo comments yet. Be the first to comment!