ET MALWARE Possible Dragonfly APT Activity HTTP URI OPTIONS

SID: 2024899Rev: 30 views
History
Sourceet/open
CreatedOctober 23, 2017
UpdatedSeptember 14, 2020
Classificationtargeted-activity
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MALWARE Possible Dragonfly APT Activity HTTP URI OPTIONS"; flow:established,to_server; http.method; content:"OPTIONS"; http.uri; content:"/ame_icon.png"; fast_pattern; endswith; reference:url,www.us-cert.gov/ncas/alerts/TA17-293A; reference:url,www.us-cert.gov/sites/default/files/publications/MIFR-10128883_TLP_WHITE.pdf; classtype:targeted-activity; sid:2024899; rev:3; metadata:attack_target Client_Endpoint, created_at 2017_10_23, deployment Perimeter, confidence Medium, signature_severity Major, updated_at 2020_09_14;)

References

urlwww.us-cert.gov/ncas/alerts/TA17-293A
urlwww.us-cert.gov/sites/default/files/publications/MIFR-10128883_TLP_WHITE.pdf

Metadata

attack targetClient_Endpoint
created at2017_10_23
deploymentPerimeter
confidenceMedium
signature severityMajor
updated at2020_09_14

Comments (0)

Please sign in to leave a comment.
Sign in

No comments yet. Be the first to comment!