Rule History

SID: 2036592 • Source: et/open

Versions (5)

Version Details (Current)

Rev: 1, May 12, 2022, 12:00 PM

ET MALWARE Andariel Elf Backdoor Activity

alert tcp any any -> any 443 (msg:"ET MALWARE Andariel Elf Backdoor Activity"; dsize:<50; content:"OpenSSL-1.0.0-fipps"; startswith; fast_pattern; reference:md5,eb7ba9f7424dffdb7d695b00007a3c6d; reference:url,boredhackerblog.info/2022/11/openssl-100-fipps-linux-backdoor-notes.html; reference:url,ic3.gov/Media/News/2024/240725.pdf; classtype:trojan-activity; sid:2036592; rev:1; metadata:affected_product Mac_OSX, affected_product Linux, attack_target Client_Endpoint, created_at 2022_05_12, deployment Perimeter, confidence High, signature_severity Major, tag RAT, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2023_01_17;)

May 12, 2022, 12:00 PM

Jan 17, 2023, 12:00 PM

Sep 21, 2024, 3:00 AM

Sep 3, 2025, 8:34 PM

rules/emerging-malware.rules