ET MALWARE Gulpix/PlugX Client Request

SID: 2018169  Rev: 6  Views: 1
Source: et/open
Created: February 21, 2014
Updated: August 18, 2020
Classification: trojan-activity
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MALWARE Gulpix/PlugX Client Request"; flow:established,to_server; http.method; content:"POST"; http.header; content:"1|3a 20|"; content:"2|3a 20|"; distance:0; content:"3|3a 20|"; distance:0; pcre:"/^(?P<vname>[^\r\n\x3a]+)(?P<n1>[0-4])\x3a\x20\d+\r\n(?P=vname)(?P<n2>((?!(?P=n1))[0-4]))\x3a\x20\d+\r\n(?P=vname)(?P<n3>((?!((?P=n1)|(?P=n2)))[0-4]))\x3a\x20\d+\r\n(?P=vname)(?:(?!((?P=n1)|(?P=n2)))[0-4])\x3a\x20\d+\r\n/m"; http.header_names; content:!"Referer"; reference:md5,663d7774b6727a070b558676cee9fe43; reference:url,www.fireeye.com/blog/technical/targeted-attack/2014/02/operation-greedywonk-multiple-economic-and-foreign-policy-sites-compromised-serving-up-flash-zero-day-exploit.html; classtype:trojan-activity; sid:2018169; rev:6; metadata:created_at 2014_02_21, signature_severity Major, updated_at 2020_08_18;)
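A worked check of what the rule's header logic accepts, added here as an illustration and not part of the ET rule or this page: the pcre is taken from the rule verbatim, while the request samples, the X-Session header stem, the example.invalid hostname and the build_request helper are constructed for the demonstration.

```python
import re

# Header pattern copied from the rule's pcre option; Python's re accepts the
# same (?P<name>...) / (?P=name) syntax. Four consecutive headers share one
# name stem plus a digit 0-4; the 2nd and 3rd digits differ from all earlier
# ones, the 4th only from the first two (that lookahead does not exclude n3).
PLUGX_HEADERS = re.compile(
    rb"^(?P<vname>[^\r\n\x3a]+)(?P<n1>[0-4])\x3a\x20\d+\r\n"
    rb"(?P=vname)(?P<n2>((?!(?P=n1))[0-4]))\x3a\x20\d+\r\n"
    rb"(?P=vname)(?P<n3>((?!((?P=n1)|(?P=n2)))[0-4]))\x3a\x20\d+\r\n"
    rb"(?P=vname)(?:(?!((?P=n1)|(?P=n2)))[0-4])\x3a\x20\d+\r\n",
    re.MULTILINE,
)


def matches_rule(request: bytes) -> bool:
    """Apply the rule's conditions to one raw HTTP request: POST method, the
    ordered "1: ", "2: ", "3: " content matches, the pcre, and no Referer."""
    head = request.split(b"\r\n\r\n", 1)[0]
    request_line, *header_lines = head.split(b"\r\n")
    if not request_line.startswith(b"POST "):
        return False
    names = {h.split(b":", 1)[0].strip().lower() for h in header_lines}
    if b"referer" in names:  # http.header_names; content:!"Referer"
        return False
    headers = b"\r\n".join(header_lines) + b"\r\n"
    pos = 0
    for needle in (b"1: ", b"2: ", b"3: "):  # content matches, distance:0
        pos = headers.find(needle, pos)
        if pos < 0:
            return False
        pos += len(needle)
    return PLUGX_HEADERS.search(headers) is not None


def build_request(headers):
    """Assemble a POST request from (name, value) header pairs (test helper)."""
    lines = [b"POST /update HTTP/1.1"] + [n + b": " + v for n, v in headers]
    return b"\r\n".join(lines) + b"\r\n\r\n"


# Constructed samples, not captured traffic: the header stem, values and the
# reserved .invalid hostname are made up to exercise the pattern.
TAIL = [(b"Host", b"example.invalid"), (b"Content-Length", b"0")]
SAMPLE_HIT = build_request([(b"Accept", b"*/*"), (b"X-Session0", b"1234"),
    (b"X-Session1", b"1"), (b"X-Session2", b"0"), (b"X-Session3", b"5678")] + TAIL)
# A Referer header suppresses the alert via the negated header-name match.
SAMPLE_REFERER = SAMPLE_HIT.replace(b"Accept: */*", b"Referer: http://example.invalid/")
# Fourth numbered header repeats the first digit: content matches pass, pcre fails.
SAMPLE_REPEAT = build_request([(b"X-Session1", b"7"), (b"X-Session2", b"8"),
    (b"X-Session3", b"9"), (b"X-Session1", b"10")] + TAIL)
```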

Metadata

created_at: 2014_02_21
signature_severity: Major
updated_at: 2020_08_18
