🐾 - APT.Backdoor.MSIL.SUNBURST

SID: 3309594
Rev: 1
Views: 0
Source: pawpatrules
Created: December 19, 2020
Updated: December 19, 2020
Classification: trojan-activity
alert udp $HOME_NET any -> any 53 (msg:"🐾 - APT.Backdoor.MSIL.SUNBURST"; content:"|00 01 00 00|"; offset:4; depth:4; content:"|0b|appsync-api"; distance:0; content:"|09|"; within:1; content:"-"; distance:2; within:1; content:"st"; distance:2; within:2; content:"|0a|avsvmcloud|03|com"; distance:0; content:!"|00 00 0B 61 70 70 73 79 6E 63 2D 61 70 69|"; reference:url,https://www.fireeye.com/blog/threat-research/2020/12/evasive-attacker-leverages-solarwinds-supply-chain-compromises-with-sunburst-backdoor.html; reference:url,https://www.cert.ssi.gouv.fr/alerte/CERTFR-2020-ALE-026/; reference:url,https://github.com/fireeye/sunburst_countermeasures; metadata:created_at 2020_12_19, updated_at 2020_12_19; sid:3309594; rev:1; classtype:trojan-activity;)

Metadata

created at: 2020_12_19
updated at: 2020_12_19
