Rule History

SID: 2040134 • Source: et/open

Versions (5)

Version Details (Current)

Rev: 1 • Nov 28, 2022, 12:00 PM

ET MALWARE Mustang Panda APT TONESHELL Related Activity

alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MALWARE Mustang Panda APT TONESHELL Related Activity"; flow:established,to_server; dsize:12; content:"|17 03 03 00 07 21 0d b6 24 b8|"; startswith; fast_pattern; reference:md5,694b7966a6919372ca0cf8cf49c867d9; reference:md5,10cd7afd580ee9c222b0a87ff241d306; reference:md5,8c71def3df8a8ad0c55738ce110616e0; reference:url,www.trendmicro.com/en_us/research/22/k/earth-preta-spear-phishing-governments-worldwide.html; classtype:trojan-activity; sid:2040134; rev:1; metadata:attack_target Client_Endpoint, created_at 2022_11_28, deployment Perimeter, malware_family MustangPanda, confidence Medium, signature_severity Major, tag TA416, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2022_12_01; target:src_ip;)

Nov 28, 2022, 12:00 PM

Dec 1, 2022, 12:00 PM

Sep 21, 2024, 3:00 AM

Aug 27, 2025, 9:35 PM

rules/emerging-malware.rules