Versions (4)
Version DetailsCurrent
Rev: 3 • Aug 28, 2013, 12:00 PMET MALWARE Possible APT-12 Related C2
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MALWARE Possible APT-12 Related C2"; flow:to_server,established; http.uri; content:"/url.asp?"; content:"-ShowNewsID-"; fast_pattern; distance:0; pcre:"/=[A-Za-z0-9\/\+]+={0,2}$/"; reference:url,community.rapid7.com/community/infosec/blog/2013/08/26/upcoming-g20-summit-fuels-espionage-operations; classtype:targeted-activity; sid:2017386; rev:3; metadata:created_at 2013_08_28, confidence Medium, signature_severity Major, updated_at 2020_04_24;)Aug 28, 2013, 12:00 PM
Apr 24, 2020, 12:00 PM
Sep 21, 2024, 3:00 AM
May 30, 2025, 12:04 AM
rules/emerging-malware.rules