Rule History

alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET MALWARE IP2B Trojan Communication Protocol detected"; flow:established,to_server; content:"|78 56 34 12 00 10 00 10|"; depth:8; fast_pattern; content:"|00 18 09 07 20|"; distance:4; within:5; reference:url,www.commandfive.com/papers/C5_APT_C2InTheFifthDomain.pdf; classtype:trojan-activity; sid:2014226; rev:4; metadata:affected_product Windows_XP_Vista_7_8_10_Server_32_64_Bit, tls_state plaintext, created_at 2012_02_14, deployment Perimeter, deployment Internal, performance_impact Low, confidence High, signature_severity Major, updated_at 2024_12_05, mitre_tactic_id TA0011, mitre_tactic_name Command_And_Control, mitre_technique_id T1041, mitre_technique_name Exfiltration_Over_C2_Channel; target:src_ip;)