🐾 - 🔥👁 FireEye - Backdoor.HTTP.BEACON.[CSBundle Original POST]

SID: 3309557Rev: 10 views
Sourcepawpatrules
CreatedDecember 11, 2020
UpdatedDecember 11, 2020
Classificationtrojan-activity
alert tcp any any -> any $HTTP_PORTS (msg:"🐾 - 🔥👁 FireEye - Backdoor.HTTP.BEACON.[CSBundle Original POST]"; content:"POST"; depth:4; content:"Accept: */*|0d 0a|"; content:"Accept-Language: en-US|0d 0a|"; content:"Accept-Encoding: gzip, deflate|0d 0a|"; content:"{\"locale\":\"en\",\"channel\":\"prod\",\"addon\":\""; pcre:"/^POST\s(?:\/v4\/links\/check-activity\/check|\/v1\/stats|\/gql|\/api2\/json\/check\/ticket|\/1.5\/95648064\/storage\/history|\/1.5\/95648064\/storage\/tabs|\/u\/0\/_\/og\/botguard\/get|\/ev\/prd001001|\/ev\/ext001001|\/gp\/aw\/ybh\/handlers|\/v3\/links\/ping-beat\/check)/"; content:"ses-"; reference:url,https://www.fireeye.com/blog/products-and-services/2020/12/fireeye-shares-details-of-recent-cyber-attack-actions-to-protect-community.html; reference:url,https://www.fireeye.com/blog/threat-research/2020/12/unauthorized-access-of-fireeye-red-team-tools.html; reference:url,https://github.com/fireeye/red_team_tool_countermeasures; metadata:created_at 2020_12_11, updated_at 2020_12_11; sid:3309557; rev:1; classtype:trojan-activity;)

References

urlhttps://www.fireeye.com/blog/products-and-services/2020/12/fireeye-shares-details-of-recent-cyber-attack-actions-to-protect-community.html
urlhttps://www.fireeye.com/blog/threat-research/2020/12/unauthorized-access-of-fireeye-red-team-tools.html
urlhttps://github.com/fireeye/red_team_tool_countermeasures

Metadata

created at2020_12_11
updated at2020_12_11

Comments (0)

Please sign in to leave a comment.
Sign in

No comments yet. Be the first to comment!