Rule History

SID: 2014228 • Source: et/open

Versions (3)

Version DetailsCurrent

Rev: 7 • Feb 14, 2012, 12:00 PM

Message:

ET MALWARE Backdoor Win32.Idicaf/Atraps

Rule:

alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MALWARE Backdoor Win32.Idicaf/Atraps"; flow:to_server,established; dsize:780; content:"|00 00 00 00 00 00 00 00|"; depth:8; content:"|00 00 00 00|"; distance:4; within:4; content:"|00 9C 00 00 00|"; distance:31; within:5; fast_pattern; content:"|00 00 00|"; distance:1; within:3; content:"|00 00 00|"; distance:1; within:3; content:"|00 00|"; distance:2; within:2; content:"|00|"; distance:172; within:1; reference:url,www.commandfive.com/papers/C5_APT_C2InTheFifthDomain.pdf; classtype:trojan-activity; sid:2014228; rev:7; metadata:created_at 2012_02_14, confidence Medium, signature_severity Major, updated_at 2019_07_26;)

Created:

Feb 14, 2012, 12:00 PM

Updated:

Jul 26, 2019, 12:00 PM

DB Created:

Sep 21, 2024, 3:00 AM

DB Updated:

May 30, 2025, 12:04 AM

Filename:

rules/emerging-malware.rules