ET MALWARE Transparent Tribe APT Related Backdoor Receiving Command (Inbound)
Sourceet/open
CreatedJune 6, 2022
UpdatedJune 6, 2022
Classificationtrojan-activity
alert tcp $EXTERNAL_NET 1024: -> $HOME_NET any (msg:"ET MALWARE Transparent Tribe APT Related Backdoor Receiving Command (Inbound)"; flow:established,to_client; dsize:17; content:"|0c 00 00 00 00|inf"; startswith; fast_pattern; content:"o="; distance:1; within:2; reference:url,twitter.com/RedDrip7/status/1533659387277221888; reference:md5,70635541c80cd5a237ff789abcce4e27; reference:md5,30bc987b05c707e89f1a0b06e022459e; reference:md5,ac4944bec64b6d40f3bb16d6ed3f06e8; classtype:trojan-activity; sid:2036868; rev:1; metadata:attack_target Client_Endpoint, created_at 2022_06_06, deployment Perimeter, malware_family TransparentTribe, confidence High, signature_severity Major, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2022_06_06;)
References
| url | twitter.com/RedDrip7/status/1533659387277221888 |
| md5 | 70635541c80cd5a237ff789abcce4e27 |
| md5 | 30bc987b05c707e89f1a0b06e022459e |
| md5 | ac4944bec64b6d40f3bb16d6ed3f06e8 |
Metadata
attack targetClient_Endpoint
created at2022_06_06
deploymentPerimeter
malware familyTransparentTribe
confidenceHigh
signature severityMajor
tagDescription_Generated_By_Proofpoint_Nexus
updated at2022_06_06
Comments (0)
Please sign in to leave a comment.
Sign inNo comments yet. Be the first to comment!