🐾 - APT.Backdoor.MSIL.SUNBURST

SID: 3309581
Rev: 1
Source: pawpatrules
Created: December 19, 2020
Updated: December 19, 2020
Classification: trojan-activity
alert tcp $HOME_NET any -> any any (msg:"🐾 - APT.Backdoor.MSIL.SUNBURST"; content:"T "; offset:2; depth:3; content:"swip/Upload.ashx HTTP/1"; within:100; content:"Host: "; content:!".solarwinds.com"; within:100; reference:url,https://www.fireeye.com/blog/threat-research/2020/12/evasive-attacker-leverages-solarwinds-supply-chain-compromises-with-sunburst-backdoor.html; reference:url,https://www.cert.ssi.gouv.fr/alerte/CERTFR-2020-ALE-026/; reference:url,https://github.com/fireeye/sunburst_countermeasures; metadata:created_at 2020_12_19, updated_at 2020_12_19; sid:3309581; rev:1; classtype:trojan-activity;)

Metadata

created at: 2020_12_19
updated at: 2020_12_19
