Versions (3)
Version DetailsCurrent
Rev: 2 • Feb 22, 2013, 12:00 PMET MALWARE WEBC2-KT3 Intial Connection Beacon APT1 Related
alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MALWARE WEBC2-KT3 Intial Connection Beacon APT1 Related"; flow:established,to_server; dsize:<11; content:"*!Kt3+v|7c|"; depth:8; flowbits:set,ET.WEBC2KT3; reference:url,www.mandiant.com/apt1; reference:md5,ec3a2197ca6b63ee1454d99a6ae145ab; classtype:targeted-activity; sid:2016456; rev:2; metadata:attack_target Client_Endpoint, created_at 2013_02_22, deployment Perimeter, signature_severity Major, tag c2, updated_at 2019_07_26, mitre_tactic_id TA0010, mitre_tactic_name Exfiltration, mitre_technique_id T1041, mitre_technique_name Exfiltration_Over_C2_Channel;)
Feb 22, 2013, 12:00 PM
Jul 26, 2019, 12:00 PM
Sep 21, 2024, 3:00 AM
May 30, 2025, 12:04 AM
rules/emerging-malware.rules