# Flags outbound HTTP requests whose URI has the shape of the APT-12-related C2
# request described in the referenced Rapid7 post.
# Match conditions, all on the request URI (client-to-server, established flow,
# $HOME_NET -> $EXTERNAL_NET, any port):
#   1. contains "/url.asp?"
#   2. contains "-ShowNewsID-" at some point after that match (distance:0);
#      this string is also the fast_pattern used for prefiltering
#   3. ends with "=" followed by one or more base64-alphabet characters and up
#      to two "=" padding characters (pcre with /U, i.e. the normalized URI)
# NOTE(review): only URI structure is constrained - no host, method or header -
# so a hit is a lead, as the msg's "Possible" says. Check the destination host
# and the trailing base64-shaped value before treating it as C2.
# This text carries former_category MALWARE. rev and updated_at are unchanged
# from the older texts on this page, so they do not signal the metadata change.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Possible APT-12 Related C2"; flow:to_server,established; content:"/url.asp?"; http_uri; content:"-ShowNewsID-"; http_uri; fast_pattern; distance:0; pcre:"/=[A-Za-z0-9\/\+]+={0,2}$/U"; metadata: former_category MALWARE; reference:url,community.rapid7.com/community/infosec/blog/2013/08/26/upcoming-g20-summit-fuels-espionage-operations; classtype:trojan-activity; sid:2017386; rev:2; metadata:created_at 2013_08_27, updated_at 2013_08_27;)

Added 2019-09-19 19:25:57 UTC


# Same detection logic as the other "alert http" texts of sid 2017386 on this page:
# an outbound HTTP request (to_server, established, any port) whose URI contains
# "/url.asp?", then "-ShowNewsID-" (fast_pattern), and ends in "=" plus a
# base64-alphabet run with up to two "=" of padding.
# The msg category here is "ET TROJAN", while former_category records
# CURRENT_EVENTS. rev stays at 2, so alert consumers keyed on msg text or category
# cannot rely on rev to notice the rename.
# NOTE(review): the match is on URI shape only; validate the destination host
# before escalating.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Possible APT-12 Related C2"; flow:to_server,established; content:"/url.asp?"; http_uri; content:"-ShowNewsID-"; http_uri; fast_pattern; distance:0; pcre:"/=[A-Za-z0-9\/\+]+={0,2}$/U"; metadata: former_category CURRENT_EVENTS; reference:url,community.rapid7.com/community/infosec/blog/2013/08/26/upcoming-g20-summit-fuels-espionage-operations; classtype:trojan-activity; sid:2017386; rev:2; metadata:created_at 2013_08_27, updated_at 2013_08_27;)

Added 2019-09-10 20:12:49 UTC


# rev 2 text published under the "ET CURRENT_EVENTS" msg prefix, with no
# former_category metadata.
# Alerts on a client-to-server HTTP request from $HOME_NET to $EXTERNAL_NET on any
# port when the URI:
#   - contains "/url.asp?"
#   - contains "-ShowNewsID-" after it (distance:0; also the fast_pattern)
#   - ends with "=" + base64-alphabet characters + zero to two "=" (pcre, /U)
# NOTE(review): no host or header condition is present, so an unrelated ASP site
# using the same URL scheme would also match. Triage on the destination.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET CURRENT_EVENTS Possible APT-12 Related C2"; flow:to_server,established; content:"/url.asp?"; http_uri; content:"-ShowNewsID-"; http_uri; fast_pattern; distance:0; pcre:"/=[A-Za-z0-9\/\+]+={0,2}$/U"; reference:url,community.rapid7.com/community/infosec/blog/2013/08/26/upcoming-g20-summit-fuels-espionage-operations; classtype:trojan-activity; sid:2017386; rev:2; metadata:created_at 2013_08_27, updated_at 2013_08_27;)

Added 2018-09-13 19:47:36 UTC


Added 2018-09-13 17:57:59 UTC


# rev 2 of sid 2017386 using the "http" protocol keyword with "any" destination
# port, so the match is not limited to $HTTP_PORTS.
# Conditions (request URI, to_server, established):
#   "/url.asp?"  ->  "-ShowNewsID-" after it (fast_pattern, distance:0)  ->
#   URI ends in "=" followed by a base64-alphabet run and up to two "=" (pcre, /U).
# NOTE(review): this is a URI-shape heuristic ("Possible" in the msg); corroborate
# with destination reputation or host telemetry before treating a hit as
# confirmed C2.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET CURRENT_EVENTS Possible APT-12 Related C2"; flow:to_server,established; content:"/url.asp?"; http_uri; content:"-ShowNewsID-"; http_uri; fast_pattern; distance:0; pcre:"/=[A-Za-z0-9\/\+]+={0,2}$/U"; reference:url,community.rapid7.com/community/infosec/blog/2013/08/26/upcoming-g20-summit-fuels-espionage-operations; classtype:trojan-activity; sid:2017386; rev:2; metadata:created_at 2013_08_27, updated_at 2013_08_27;)

Added 2017-08-07 21:11:17 UTC


# rev 1 of sid 2017386, written as "alert tcp" with the destination port limited
# to $HTTP_PORTS.
# Conditions (request URI, to_server, established): contains "/url.asp?", then
# "-ShowNewsID-" (fast_pattern, distance:0), and ends in "=" followed by
# base64-alphabet characters with up to two "=" of padding (pcre, /U).
# NOTE(review): because of the $HTTP_PORTS constraint, a request with the same
# URI to a port outside that variable is not covered by this form. The rev 2 texts
# on this page use "alert http ... any" instead.
# No metadata keyword is present in this revision.
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET CURRENT_EVENTS Possible APT-12 Related C2"; flow:to_server,established; content:"/url.asp?"; http_uri; content:"-ShowNewsID-"; http_uri; fast_pattern; distance:0; pcre:"/=[A-Za-z0-9\/\+]+={0,2}$/U"; reference:url,community.rapid7.com/community/infosec/blog/2013/08/26/upcoming-g20-summit-fuels-espionage-operations; classtype:trojan-activity; sid:2017386; rev:1;)

Added 2013-08-27 21:32:59 UTC


# Earliest text of sid 2017386 on this page (rev 1): TCP rule scoped to
# $HOME_NET -> $EXTERNAL_NET on $HTTP_PORTS, client-to-server, established flows.
# It fires when the HTTP URI contains "/url.asp?" followed at any later offset by
# "-ShowNewsID-" (the fast_pattern), and the normalized URI ends with "=" plus one
# or more characters from [A-Za-z0-9/+] and at most two trailing "=".
# NOTE(review): detection depends on the port being listed in $HTTP_PORTS, and on
# URI structure alone. Treat hits as candidates for investigation.
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET CURRENT_EVENTS Possible APT-12 Related C2"; flow:to_server,established; content:"/url.asp?"; http_uri; content:"-ShowNewsID-"; http_uri; fast_pattern; distance:0; pcre:"/=[A-Za-z0-9\/\+]+={0,2}$/U"; reference:url,community.rapid7.com/community/infosec/blog/2013/08/26/upcoming-g20-summit-fuels-espionage-operations; classtype:trojan-activity; sid:2017386; rev:1;)

Added 2013-08-27 18:52:19 UTC

