ET MALWARE Possible OceanLotus C2 Checkin
Sourceet/open
Fileemerging-malware.rules
CreatedFebruary 18, 2016
UpdatedApril 28, 2024
Classificationcommand-and-control
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MALWARE Possible OceanLotus C2 Checkin"; flow:established,to_server ; http.method; content:"GET"; http.uri; content:".db?k="; fast_pattern; content:"?q="; distance:0; pcre:"/\?q=[a-f0-9]{32}$/i"; http.header_names; to_lowercase; content:!"|0d 0a|accept"; content:!"|0d 0a|referer|0d 0a|"; content:!"|0d 0a|user-agent|0d 0a|"; reference:url,www.alienvault.com/open-threat-exchange/blog/oceanlotus-for-os-x-an-application-bundle-pretending-to-be-an-adobe-flash-update ; classtype:command-and-control; sid:2022541; rev:5; metadata:created_at 2016_02_18, confidence Medium, signature_severity Major, updated_at 2024_04_28;)
Metadata
created at2016_02_18
confidenceMedium
signature severityMajor
updated at2024_04_28
Comments (0)
Please sign in to leave a comment.
Sign inNo comments yet. Be the first to comment!