Versions (5)
Version DetailsCurrent
Rev: 2 • Oct 4, 2018, 12:00 PMET MALWARE NCSC APT28 - Web/request -FILE- contenttype
alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MALWARE NCSC APT28 - Web/request -FILE- contenttype"; flow:established,from_client; content:"-FILE-"; pcre:"/[A-Z0-9\-]{16}-FILE-[^\r\n]+.tmp/"; reference:url,www.ncsc.gov.uk/content/files/protected_files/article_files/IOC-APT28-malware-advisory.pdf; classtype:targeted-activity; sid:2026441; rev:2; metadata:created_at 2018_10_04, confidence High, signature_severity Major, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2019_07_26;)Oct 4, 2018, 12:00 PM
Jul 26, 2019, 12:00 PM
Sep 21, 2024, 3:00 AM
Sep 25, 2025, 9:34 PM
rules/emerging-malware.rules