ET MALWARE Backdoor Win32.Idicaf/Atraps

SID: 2014228Rev: 70 viewsHistory

Sourceet/open

CreatedFebruary 14, 2012

UpdatedJuly 26, 2019

Classificationtrojan-activity

alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MALWARE Backdoor Win32.Idicaf/Atraps"; flow:to_server,established; dsize:780; content:"|00 00 00 00 00 00 00 00|"; depth:8; content:"|00 00 00 00|"; distance:4; within:4; content:"|00 9C 00 00 00|"; distance:31; within:5; fast_pattern; content:"|00 00 00|"; distance:1; within:3; content:"|00 00 00|"; distance:1; within:3; content:"|00 00|"; distance:2; within:2; content:"|00|"; distance:172; within:1; reference:url,www.commandfive.com/papers/C5_APT_C2InTheFifthDomain.pdf; classtype:trojan-activity; sid:2014228; rev:7; metadata:created_at 2012_02_14, confidence Medium, signature_severity Major, updated_at 2019_07_26;)

References

url	www.commandfive.com/papers/C5_APT_C2InTheFifthDomain.pdf

Metadata

created at2012_02_14

confidenceMedium

signature severityMajor

updated at2019_07_26

Comments (0)

Please sign in to leave a comment.

No comments yet. Be the first to comment!