ET MALWARE TDTESS Backdoor User-Agent

SID: 2024498Rev: 30 viewsHistory

Sourceet/open

CreatedJuly 25, 2017

UpdatedAugust 11, 2020

Classificationtrojan-activity

alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MALWARE TDTESS Backdoor User-Agent"; flow:established,to_server; http.user_agent; content:"XXXXXXXXXXXXXXXXX/5.0 (Windows NT 6.1 WOW64|3b 20|Trident/7.0|3b 20|AS|3b 20|rv:11.0) like Gecko"; reference:md5,113ca319e85778b62145019359380a08; reference:url,www.clearskysec.com/wp-content/uploads/2017/07/Operation_Wilted_Tulip.pdf; classtype:trojan-activity; sid:2024498; rev:3; metadata:affected_product Windows_XP_Vista_7_8_10_Server_32_64_Bit, attack_target Client_Endpoint, created_at 2017_07_25, deployment Perimeter, performance_impact Moderate, confidence High, signature_severity Major, updated_at 2020_08_11;)

References

md5	113ca319e85778b62145019359380a08 Google Search Brave Search
url	www.clearskysec.com/wp-content/uploads/2017/07/Operation_Wilted_Tulip.pdf

Metadata

affected productWindows_XP_Vista_7_8_10_Server_32_64_Bit

attack targetClient_Endpoint

created at2017_07_25

deploymentPerimeter

performance impactModerate

confidenceHigh

signature severityMajor

updated at2020_08_11

Comments (0)

Please sign in to leave a comment.

No comments yet. Be the first to comment!