ET MALWARE Gamaredon APT Related Maldoc Activity (GET)
Sourceet/open
Fileemerging-malware.rules
CreatedFebruary 18, 2022
UpdatedApril 4, 2024
Classificationtrojan-activity
alert http1 $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MALWARE Gamaredon APT Related Maldoc Activity (GET)"; flow:established,to_server ; http.request_line; content:"GET /wsusa HTTP/1.1"; fast_pattern; http.header_names; content:!"Referer"; http.user_agent; content:"|3b 20|ms-office|3b 20|"; reference:url,www.anomali.com/blog/primitive-bear-gamaredon-targets-ukraine-with-timely-themes ; reference:md5,f8af71e85f5bee6b3fee2fcfd15da893 ; classtype:trojan-activity; sid:2035222; rev:3; metadata:attack_target Client_Endpoint, created_at 2022_02_18, deployment Perimeter, deprecation_reason Age, malware_family Gamaredon, confidence High, signature_severity Major, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2024_04_04, reviewed_at 2023_08_25;)
References
| url | www.anomali.com/blog/primitive-bear-gamaredon-targets-ukraine-with-timely-themes |
| md5 | f8af71e85f5bee6b3fee2fcfd15da893 |
Metadata
attack targetClient_Endpoint
created at2022_02_18
deploymentPerimeter
deprecation reasonAge
malware familyGamaredon
confidenceHigh
signature severityMajor
tagDescription_Generated_By_Proofpoint_Nexus
updated at2024_04_04
reviewed at2023_08_25
Comments (0)
Please sign in to leave a comment.
Sign inNo comments yet. Be the first to comment!