# sid 2019760 rev 3 (page entry dated 2021-06-18): outbound HTTP GET whose URI is
# "/b/pkg/" immediately followed by a 14-15 character [A-Za-z0-9] token and nothing else.
# - content:"GET"; http_method  -> request method must be GET.
# - content:"/b/pkg/"; http_uri; fast_pattern -> the path fragment is the multi-pattern
#   prefilter; only packets containing it reach the pcre.
# - pcre:"/^[A-Za-z0-9]{14,15}$/UR" -> U = evaluate against the normalized URI buffer,
#   R = relative to the preceding "/b/pkg/" match, so ^ anchors right after that fragment
#   and $ requires the URI to end after the token (no further path, no query string).
# - flow:established,to_server -> client-to-server direction on an established flow only.
# The "?" in msg is the rule author's own attribution hedge: "/b/pkg/" plus a short
# alphanumeric token is a generic URI shape, so treat a hit as a lead and pivot on the full
# HTTP transaction (Host, User-Agent, response body) before escalating.
# NOTE(review): metadata pairs mitre_tactic_id TA0011 Command_And_Control with
# mitre_technique_id T1041 Exfiltration_Over_C2_Channel. T1041 is an Exfiltration-tactic
# technique and this signature matches only a GET request with no body, so the technique
# mapping looks inconsistent with both the tactic and the traffic — confirm before using it
# for ATT&CK coverage reporting.
# This entry changes metadata only (attack_target, deployment, signature_severity, tag,
# mitre_*); the detection logic is identical to the 2020-08-18 entry of the same rev 3.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Rerdom/Asprox CnC? Beacon"; flow:established,to_server; content:"GET"; http_method; content:"/b/pkg/"; http_uri; fast_pattern; pcre:"/^[A-Za-z0-9]{14,15}$/UR"; reference:url,malware-traffic-analysis.net/2014/08/24/index.html; reference:url,www.damballa.com/wp-content/uploads/2014/11/Behind_Malware_Infection_Chain_Rerdom.pdf; classtype:trojan-activity; sid:2019760; rev:3; metadata:attack_target Client_Endpoint, created_at 2014_11_20, deployment Perimeter, former_category MALWARE, signature_severity Major, tag c2, updated_at 2020_08_18, mitre_tactic_id TA0011, mitre_tactic_name Command_And_Control, mitre_technique_id T1041, mitre_technique_name Exfiltration_Over_C2_Channel;)

Added 2021-06-18 18:19:20 UTC


# sid 2019760 rev 3 (page entry dated 2020-08-18): same detection logic as the other
# rev 3 entries — GET request, "/b/pkg/" in the normalized URI as the fast pattern, then
# a relative pcre requiring exactly 14-15 [A-Za-z0-9] characters up to the end of the URI.
# Only change in this entry: metadata updated_at moves from 2014_11_20 to 2020_08_18,
# i.e. the metadata timestamp is brought in line with the earlier rev 2 -> rev 3 logic change
# (the 2020-08-05 entry already carried the new pcre but still said updated_at 2014_11_20).
# rev:3 is not bumped for a metadata-only edit, which is consistent with the other entries.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Rerdom/Asprox CnC? Beacon"; flow:established,to_server; content:"GET"; http_method; content:"/b/pkg/"; http_uri; fast_pattern; pcre:"/^[A-Za-z0-9]{14,15}$/UR"; reference:url,malware-traffic-analysis.net/2014/08/24/index.html; reference:url,www.damballa.com/wp-content/uploads/2014/11/Behind_Malware_Infection_Chain_Rerdom.pdf; classtype:trojan-activity; sid:2019760; rev:3; metadata:created_at 2014_11_20, former_category MALWARE, updated_at 2020_08_18;)

Added 2020-08-18 17:53:55 UTC


# sid 2019760 rev 3 (page entry dated 2020-08-05): metadata is consolidated into a single
# metadata keyword (created_at, former_category, updated_at); detection keywords are the
# rev 3 form — fast_pattern on "/b/pkg/" in http_uri plus the relative pcre
# /^[A-Za-z0-9]{14,15}$/UR that anchors immediately after the path fragment and at URI end.
# Observation: updated_at still reads 2014_11_20 even though the pcre and fast_pattern
# differ from the rev 2 rule of that date; the 2020-08-18 entry corrects the timestamp.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Rerdom/Asprox CnC? Beacon"; flow:established,to_server; content:"GET"; http_method; content:"/b/pkg/"; http_uri; fast_pattern; pcre:"/^[A-Za-z0-9]{14,15}$/UR"; reference:url,malware-traffic-analysis.net/2014/08/24/index.html; reference:url,www.damballa.com/wp-content/uploads/2014/11/Behind_Malware_Infection_Chain_Rerdom.pdf; classtype:trojan-activity; sid:2019760; rev:3; metadata:created_at 2014_11_20, former_category MALWARE, updated_at 2014_11_20;)

Added 2020-08-05 19:10:31 UTC


# sid 2019760 rev 3 (page entry dated 2019-09-19): detection logic unchanged from the
# 2018-09-13 rev 3 entry (GET, "/b/pkg/" fast pattern in http_uri, relative end-anchored
# pcre for a 14-15 char alphanumeric token).
# This entry adds "former_category MALWARE" as a SEPARATE metadata keyword placed before
# the reference keywords, leaving a second metadata keyword (created_at/updated_at) at the
# end — two metadata keywords in one rule. The 2020-08-05 entry folds them into one.
# NOTE(review): whether a given engine version merges multiple metadata keywords or keeps
# only one is version-dependent — verify with your parser if you consume metadata for tagging.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Rerdom/Asprox CnC? Beacon"; flow:established,to_server; content:"GET"; http_method; content:"/b/pkg/"; http_uri; fast_pattern; pcre:"/^[A-Za-z0-9]{14,15}$/UR"; metadata: former_category MALWARE; reference:url,malware-traffic-analysis.net/2014/08/24/index.html; reference:url,www.damballa.com/wp-content/uploads/2014/11/Behind_Malware_Infection_Chain_Rerdom.pdf; classtype:trojan-activity; sid:2019760; rev:3; metadata:created_at 2014_11_20, updated_at 2014_11_20;)

Added 2019-09-19 19:26:10 UTC


# sid 2019760 rev 3 (page entry dated 2018-09-13): first appearance of the rev 3 logic on
# this page. Compared with rev 2:
# - fast_pattern:only on "/b/pkg/" becomes plain fast_pattern, so the content is also
#   verified as a real http_uri match rather than used as a prefilter alone;
# - the pcre no longer re-matches the literal path; it is /^[A-Za-z0-9]{14,15}$/UR, i.e.
#   relative (R) to the "/b/pkg/" content match and anchored to the end of the URI buffer.
# Net effect is intended to be the same URI shape ("/b/pkg/" + 14-15 alphanumerics, then
# end of URI), expressed in the content-plus-relative-pcre idiom.
# Also the first entry carrying created_at/updated_at metadata (both 2014_11_20).
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Rerdom/Asprox CnC? Beacon"; flow:established,to_server; content:"GET"; http_method; content:"/b/pkg/"; http_uri; fast_pattern; pcre:"/^[A-Za-z0-9]{14,15}$/UR"; reference:url,malware-traffic-analysis.net/2014/08/24/index.html; reference:url,www.damballa.com/wp-content/uploads/2014/11/Behind_Malware_Infection_Chain_Rerdom.pdf; classtype:trojan-activity; sid:2019760; rev:3; metadata:created_at 2014_11_20, updated_at 2014_11_20;)

Added 2018-09-13 19:49:52 UTC


Added 2018-09-13 17:59:19 UTC (no rule body is recorded for this entry on this page)


# sid 2019760 rev 2 (page entry dated 2017-08-07): same detection keywords as the original
# 2014-11-20 rule, with created_at/updated_at metadata (both 2014_11_20) appended.
# Matching: GET request; "/b/pkg/" in http_uri used with fast_pattern:only (prefilter-only
# use of the content — the pcre does the actual verification); pcre
# /\/b\/pkg\/[A-Za-z0-9]{14,15}$/U re-matches the literal path anywhere in the URI buffer
# and requires a 14-15 char [A-Za-z0-9] token to run to the end of the URI.
# NOTE(review): fast_pattern:only is the legacy form; rev 3 replaces it with fast_pattern
# and switches the pcre to a relative, ^-anchored match — treat rev 3 as the current rule.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Rerdom/Asprox CnC? Beacon"; flow:established,to_server; content:"GET"; http_method; content:"/b/pkg/"; http_uri; fast_pattern:only; pcre:"/\/b\/pkg\/[A-Za-z0-9]{14,15}$/U"; reference:url,malware-traffic-analysis.net/2014/08/24/index.html; reference:url,www.damballa.com/wp-content/uploads/2014/11/Behind_Malware_Infection_Chain_Rerdom.pdf; classtype:trojan-activity; sid:2019760; rev:2; metadata:created_at 2014_11_20, updated_at 2014_11_20;)

Added 2017-08-07 21:14:04 UTC


# sid 2019760 rev 2 (page entry dated 2014-11-20): earliest form of the rule on this page,
# with no metadata keyword at all.
# Alerts on an established client-to-server HTTP GET whose normalized URI contains
# "/b/pkg/" followed by 14-15 [A-Za-z0-9] characters that run to the end of the URI.
# "/b/pkg/" is declared fast_pattern:only (prefilter only); the pcre
# /\/b\/pkg\/[A-Za-z0-9]{14,15}$/U (U = http_uri buffer) carries the full verification,
# including re-matching the escaped path. References point to the 2014-08-24
# malware-traffic-analysis.net capture and the Damballa Rerdom infection-chain paper.
# The "?" in the msg is the author's hedge on CnC attribution — keep that uncertainty in
# mind when triaging; the URI shape alone is not strongly specific.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Rerdom/Asprox CnC? Beacon"; flow:established,to_server; content:"GET"; http_method; content:"/b/pkg/"; http_uri; fast_pattern:only; pcre:"/\/b\/pkg\/[A-Za-z0-9]{14,15}$/U"; reference:url,malware-traffic-analysis.net/2014/08/24/index.html; reference:url,www.damballa.com/wp-content/uploads/2014/11/Behind_Malware_Infection_Chain_Rerdom.pdf; classtype:trojan-activity; sid:2019760; rev:2;)

Added 2014-11-20 17:48:08 UTC

