ET MALWARE TraderTraitor AlticGO CnC Checkin (POST)

SID: 2036410Rev: 10 views
History
Sourceet/open
CreatedApril 27, 2022
UpdatedApril 27, 2022
Classificationtrojan-activity
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MALWARE TraderTraitor AlticGO CnC Checkin (POST)"; flow:established,to_server; http.method; content:"POST"; http.uri; content:"/update/"; http.user_agent; content:"AlticGO/1.1.0"; nocase; fast_pattern; reference:url,gist.github.com/travisbgreen/01e1fdf239a9d302b14584bc82f68a2a; reference:url,www.cisa.gov/uscert/ncas/alerts/aa22-108a; classtype:trojan-activity; sid:2036410; rev:1; metadata:attack_target Client_Endpoint, created_at 2022_04_27, deployment SSLDecrypt, performance_impact Low, confidence High, signature_severity Major, updated_at 2022_04_27;)

References

urlgist.github.com/travisbgreen/01e1fdf239a9d302b14584bc82f68a2a
urlwww.cisa.gov/uscert/ncas/alerts/aa22-108a

Metadata

attack targetClient_Endpoint
created at2022_04_27
deploymentSSLDecrypt
performance impactLow
confidenceHigh
signature severityMajor
updated at2022_04_27

Comments (0)

Please sign in to leave a comment.
Sign in

No comments yet. Be the first to comment!