MALWARE [PTsecurity] Possible Observed Malicious SSL Connection (APT32)

SID: 11003556Rev: 10 views
Sourceptresearch/attackdetection
CreatedAugust 21, 2018
UpdatedAugust 21, 2018
Classificationtrojan-activity
alert tls $EXTERNAL_NET any -> $HOME_NET any (msg:"MALWARE [PTsecurity] Possible Observed Malicious SSL Connection (APT32)"; flow:established, to_client; content:"|1703|"; depth:2; content:"|0090|"; distance:1; within:2; fast_pattern; stream_size:server, >,2942; stream_size:server, <,37492; stream_size:client, >,603; stream_size:client, <,17700; flowbits:isset, FB658819_0; flowbits:unset, FB658819_0; threshold:type limit, track by_src, count 1, seconds 30; classtype:trojan-activity; metadata:created_at 2018_08_21; reference:url, github.com/ptresearch/AttackDetection; sid:11003556; rev:1;)

References

urlgithub.com/ptresearch/AttackDetection

Metadata

created at2018_08_21

Comments (0)

Please sign in to leave a comment.
Sign in

No comments yet. Be the first to comment!