🐾 - 🔥👁 FireEye - Backdoor.HTTP.BEACON.[CSBundle NYTIMES Server]
Sourcepawpatrules
FilePAW-PATRULES_EXPLOIT.rules
CreatedDecember 11, 2020
UpdatedDecember 11, 2020
Classificationtrojan-activity
alert tcp any $HTTP_PORTS -> any any (msg:"🐾 - 🔥👁 FireEye - Backdoor.HTTP.BEACON.[CSBundle NYTIMES Server]"; content:"HTTP/1."; depth:7; content:"Accept-Ranges: bytes" ; content:"Age: 5806" ; content:"Cache-Control: public,max-age=31536000" ; content:"Content-Encoding: gzip" ; content:"Content-Length: 256398" ; content:"Content-Type: application/javascript" ; content:"Server: UploadServer" ; content:"Vary: Accept-Encoding, Fastly-SSL" ; content:"x-api-version: F-X" ; content:"x-cache: HIT" ; content:"x-Firefox-Spdy: h2" ; content:"x-nyt-route: vi-assets" ; content:"x-served-by: cache-mdw17344-MDW" ; content:"x-timer: S1580937960.346550,VS0,VE0" ; reference:url,https://www.fireeye.com/blog/products-and-services/2020/12/fireeye-shares-details-of-recent-cyber-attack-actions-to-protect-community.html ; reference:url,https://www.fireeye.com/blog/threat-research/2020/12/unauthorized-access-of-fireeye-red-team-tools.html ; reference:url,https://github.com/fireeye/red_team_tool_countermeasures ; metadata:created_at 2020_12_11, updated_at 2020_12_11; sid:3309573; rev:1; classtype:trojan-activity;)
References
Metadata
created at2020_12_11
updated at2020_12_11
Comments (0)
Please sign in to leave a comment.
Sign inNo comments yet. Be the first to comment!