ET MALWARE Gamaredon APT Related Maldoc Activity (GET)
Sourceet/open
Fileemerging-malware.rules
CreatedFebruary 22, 2022
UpdatedApril 4, 2024
Classificationtrojan-activity
alert http1 $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MALWARE Gamaredon APT Related Maldoc Activity (GET)"; flow:established,to_server ; http.request_line; content:"GET /pre.dot HTTP/1.1"; fast_pattern; http.host; content:".ru"; endswith; http.header_names; content:!"Referer"; http.user_agent; content:"|3b 20|ms-office|3b 20|"; reference:url,www.anomali.com/blog/primitive-bear-gamaredon-targets-ukraine-with-timely-themes ; reference:md5,a9260f7ae7939637b9ae43dec8e03abb ; classtype:trojan-activity; sid:2035265; rev:3; metadata:attack_target Client_Endpoint, created_at 2022_02_22, deployment Perimeter, deprecation_reason Age, malware_family Gamaredon, confidence High, signature_severity Major, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2024_04_04, reviewed_at 2023_08_25;)
References
| url | www.anomali.com/blog/primitive-bear-gamaredon-targets-ukraine-with-timely-themes |
| md5 | a9260f7ae7939637b9ae43dec8e03abb |
Metadata
attack targetClient_Endpoint
created at2022_02_22
deploymentPerimeter
deprecation reasonAge
malware familyGamaredon
confidenceHigh
signature severityMajor
tagDescription_Generated_By_Proofpoint_Nexus
updated at2024_04_04
reviewed at2023_08_25
Comments (0)
Please sign in to leave a comment.
Sign inNo comments yet. Be the first to comment!