Versions (3)
Version DetailsCurrent
Rev: 5 • Feb 16, 2015, 12:00 PMET MALWARE Arid Viper APT Advtravel Campaign GET Request
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MALWARE Arid Viper APT Advtravel Campaign GET Request"; flow:to_server,established; http.method; content:"GET"; http.uri; content:"/sys/"; fast_pattern; pcre:"/t=1?\d\/[0-3]?\d\/201\d [0-2]?\d\x3a[0-5]\d\x3a[0-5]\d [AP]M$/"; pcre:"/^\/sys\/(?:who|genid|data|upload|update)/"; reference:url,www.trendmicro.com/cloud-content/us/pdfs/security-intelligence/white-papers/wp-operation-arid-viper.pdf; classtype:targeted-activity; sid:2020431; rev:5; metadata:created_at 2015_02_16, signature_severity Major, updated_at 2020_05_15;)
Feb 16, 2015, 12:00 PM
May 15, 2020, 12:00 PM
Sep 21, 2024, 3:00 AM
May 30, 2025, 12:04 AM
rules/emerging-malware.rules