ET MALWARE Arid Viper APT Advtravel Campaign GET Request

SID: 2020431Rev: 50 views
History
Sourceet/open
CreatedFebruary 16, 2015
UpdatedMay 15, 2020
Classificationtargeted-activity
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MALWARE Arid Viper APT Advtravel Campaign GET Request"; flow:to_server,established; http.method; content:"GET"; http.uri; content:"/sys/"; fast_pattern; pcre:"/t=1?\d\/[0-3]?\d\/201\d [0-2]?\d\x3a[0-5]\d\x3a[0-5]\d [AP]M$/"; pcre:"/^\/sys\/(?:who|genid|data|upload|update)/"; reference:url,www.trendmicro.com/cloud-content/us/pdfs/security-intelligence/white-papers/wp-operation-arid-viper.pdf; classtype:targeted-activity; sid:2020431; rev:5; metadata:created_at 2015_02_16, signature_severity Major, updated_at 2020_05_15;)

References

urlwww.trendmicro.com/cloud-content/us/pdfs/security-intelligence/white-papers/wp-operation-arid-viper.pdf

Metadata

created at2015_02_16
signature severityMajor
updated at2020_05_15

Comments (0)

Please sign in to leave a comment.
Sign in

No comments yet. Be the first to comment!