ET MALWARE Sidecopy APT Related Backdoor Activity

SID: 2038798Rev: 10 viewsHistory

Sourceet/open

CreatedSeptember 12, 2022

UpdatedSeptember 12, 2022

Classificationtrojan-activity

alert tcp $HOME_NET any -> $EXTERNAL_NET 1024: (msg:"ET MALWARE Sidecopy APT Related Backdoor Activity"; flow:established,to_server; content:"|3c 7c|MAINSOCKET|7c 3e|"; startswith; fast_pattern; pcre:"/^(?:[A-Za-z0-9+/]{4})*(?:[A-Za-z0-9+/]{2}==|[A-Za-z0-9+/]{3}=|[A-Za-z0-9+/]{4})$/R"; content:!"Host|3a 20|"; reference:url,twitter.com/bofheaded/status/1569261149845344261; reference:md5,e3cf9f7ccc2850ac5130cc73ca7762aa; classtype:trojan-activity; sid:2038798; rev:1; metadata:attack_target Client_Endpoint, created_at 2022_09_12, deployment Perimeter, malware_family SideCopy, confidence High, signature_severity Major, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2022_09_12;)

References

url	twitter.com/bofheaded/status/1569261149845344261
md5	e3cf9f7ccc2850ac5130cc73ca7762aa Google Search Brave Search

Metadata

attack targetClient_Endpoint

created at2022_09_12

deploymentPerimeter

malware familySideCopy

confidenceHigh

signature severityMajor

tagDescription_Generated_By_Proofpoint_Nexus

updated at2022_09_12

Comments (0)

Please sign in to leave a comment.

No comments yet. Be the first to comment!