Versions (4)
Version DetailsCurrent
Rev: 1 • Jun 6, 2022, 12:00 PMET MALWARE Transparent Tribe APT Related Backdoor Receiving Command (Inbound)
alert tcp $EXTERNAL_NET 1024: -> $HOME_NET any (msg:"ET MALWARE Transparent Tribe APT Related Backdoor Receiving Command (Inbound)"; flow:established,to_client; dsize:17; content:"|0c 00 00 00 00|inf"; startswith; fast_pattern; content:"o="; distance:1; within:2; reference:url,twitter.com/RedDrip7/status/1533659387277221888; reference:md5,70635541c80cd5a237ff789abcce4e27; reference:md5,30bc987b05c707e89f1a0b06e022459e; reference:md5,ac4944bec64b6d40f3bb16d6ed3f06e8; classtype:trojan-activity; sid:2036868; rev:1; metadata:attack_target Client_Endpoint, created_at 2022_06_06, deployment Perimeter, malware_family TransparentTribe, confidence High, signature_severity Major, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2022_06_06;)
Jun 6, 2022, 12:00 PM
Jun 6, 2022, 12:00 PM
Sep 21, 2024, 3:00 AM
Sep 2, 2025, 9:35 PM
rules/emerging-malware.rules