ET MALWARE Gamaredon APT Related Activity (GET)

SID: 2035288Rev: 11 views
History
Sourceet/open
CreatedFebruary 25, 2022
UpdatedFebruary 25, 2022
Classificationtrojan-activity
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MALWARE Gamaredon APT Related Activity (GET)"; flow:established,to_server; http.method; content:"GET"; http.uri; content:"/get.php"; bsize:8; fast_pattern; http.host; pcre:"/^[0-9]{6,10}\./"; http.header_names; content:!"Referer"; http.user_agent; content:!"Linux"; content:!"Android"; reference:md5,2dd5a4237122e73027404a91276f0235; reference:md5,9c8f6b38035c72421e1c71d2bb21ced9; reference:md5,860137d224440fd7c1cb3652199dcd58; classtype:trojan-activity; sid:2035288; rev:1; metadata:attack_target Client_Endpoint, created_at 2022_02_25, deployment Perimeter, malware_family Gamaredon, confidence High, signature_severity Major, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2022_02_25;)

References

md5
2dd5a4237122e73027404a91276f0235
Google SearchBrave Search
md5
9c8f6b38035c72421e1c71d2bb21ced9
Google SearchBrave Search
md5
860137d224440fd7c1cb3652199dcd58
Google SearchBrave Search

Metadata

attack targetClient_Endpoint
created at2022_02_25
deploymentPerimeter
malware familyGamaredon
confidenceHigh
signature severityMajor
tagDescription_Generated_By_Proofpoint_Nexus
updated at2022_02_25

Comments (0)

Please sign in to leave a comment.
Sign in

No comments yet. Be the first to comment!