ET MALWARE Andariel Elf Backdoor Activity
Sourceet/open
CreatedMay 12, 2022
UpdatedJanuary 17, 2023
Classificationtrojan-activity
alert tcp any any -> any 443 (msg:"ET MALWARE Andariel Elf Backdoor Activity"; dsize:<50; content:"OpenSSL-1.0.0-fipps"; startswith; fast_pattern; reference:md5,eb7ba9f7424dffdb7d695b00007a3c6d; reference:url,boredhackerblog.info/2022/11/openssl-100-fipps-linux-backdoor-notes.html; reference:url,ic3.gov/Media/News/2024/240725.pdf; classtype:trojan-activity; sid:2036592; rev:1; metadata:affected_product Mac_OSX, affected_product Linux, attack_target Client_Endpoint, created_at 2022_05_12, deployment Perimeter, confidence High, signature_severity Major, tag RAT, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2023_01_17;)
References
| md5 | eb7ba9f7424dffdb7d695b00007a3c6d |
| url | boredhackerblog.info/2022/11/openssl-100-fipps-linux-backdoor-notes.html |
| url | ic3.gov/Media/News/2024/240725.pdf |
Metadata
affected productLinux
attack targetClient_Endpoint
created at2022_05_12
deploymentPerimeter
confidenceHigh
signature severityMajor
tagDescription_Generated_By_Proofpoint_Nexus
updated at2023_01_17
Comments (0)
Please sign in to leave a comment.
Sign inNo comments yet. Be the first to comment!