ET MALWARE TA577 Style Request (2023-05-15)
Sourceet/open
Fileemerging-malware.rules
CreatedSeptember 25, 2023
UpdatedApril 27, 2024
Classificationtrojan-activity
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MALWARE TA577 Style Request (2023-05-15)"; flow:established,to_server ; flowbits:set,ET.TA557.20230515.Request ; http.method; content:"GET"; urilen:10<>16; http.uri; content:"/"; startswith; content:"/?0"; offset:3; depth:5; fast_pattern; isdataat:!8,relative ; content:!"|2e|"; content:!"&"; pcre:"/^\/(?!(?:h(?:elp|tml)|a(?:ch|ds)|blog|goto|item|site|user|en))(?:[A-IL-VX]{2,4}|[a-il-vx]{2,4})\/\?0[0-9]{4,7}$/" ; http.header_names; to_lowercase; content:!"|0d 0a|referer|0d 0a|"; nocase; http.host; content:!"ebby.com"; content:!"attsuppliers.com"; content:!"rittal.com"; classtype:trojan-activity; sid:2048221; rev:5; metadata:attack_target Client_and_Server, created_at 2023_09_25, deployment Perimeter, deployment SSLDecrypt, performance_impact Low, confidence Medium, signature_severity Major, tag TA577, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2024_04_27, reviewed_at 2023_09_26; target:src_ip;)
Metadata
attack targetClient_and_Server
created at2023_09_25
deploymentSSLDecrypt
performance impactLow
confidenceMedium
signature severityMajor
tagDescription_Generated_By_Proofpoint_Nexus
updated at2024_04_27
reviewed at2023_09_26
Comments (0)
Please sign in to leave a comment.
Sign inNo comments yet. Be the first to comment!