alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Possible APT30 or Win32/Nuclear HTTP Framework"; flow:established,to_server; content:"Mozilla/4.0 (compatible|3b 20|MSIE 6.0|3b 20|Win32|29|"; http_user_agent; depth:41; pcre:"/\.(?:txt|gif|exe|bmp)$/Ui"; http_header_names; content:!"Referer"; content:!"Accept"; content:"|0d 0a|User-Agent|0d 0a|HOST|0d 0a|"; depth:20; fast_pattern; metadata: former_category MALWARE; reference:url,www2.fireeye.com/rs/fireye/images/rpt-apt30.pdf; classtype:trojan-activity; sid:2020897; rev:3; metadata:affected_product Windows_XP_Vista_7_8_10_Server_32_64_Bit, attack_target Client_Endpoint, deployment Perimeter, tag Exploit_Kit, tag Nuclear, signature_severity Critical, created_at 2015_04_13, malware_family Nuclear, updated_at 2019_10_22;)

Added 2019-10-22 19:03:20 UTC


alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Possible APT30 or Win32/Nuclear HTTP Framework"; flow:established,to_server; content:"User-Agent|3a 20|Mozilla/4.0 (compatible|3b| MSIE 6.0|3b| Win32|29 0d 0a|HOST|3a|"; http_header; depth:60; fast_pattern:40,20; content:!"Referer|3a|"; http_header; content:!"Accept"; http_header; pcre:"/\.(?:txt|gif|exe|bmp)$/Ui"; metadata: former_category MALWARE; reference:url,www2.fireeye.com/rs/fireye/images/rpt-apt30.pdf; classtype:trojan-activity; sid:2020897; rev:2; metadata:affected_product Windows_XP_Vista_7_8_10_Server_32_64_Bit, attack_target Client_Endpoint, deployment Perimeter, tag Exploit_Kit, tag Nuclear, signature_severity Critical, created_at 2015_04_13, malware_family Nuclear, updated_at 2016_07_01;)

Added 2019-09-26 19:57:58 UTC


alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Possible APT30 or Win32/Nuclear HTTP Framework"; flow:established,to_server; content:"User-Agent|3a 20|Mozilla/4.0 (compatible|3b| MSIE 6.0|3b| Win32|29 0d 0a|HOST|3a|"; http_header; depth:60; fast_pattern:40,20; content:!"Referer|3a|"; http_header; content:!"Accept"; http_header; pcre:"/\.(?:txt|gif|exe|bmp)$/Ui"; reference:url,www2.fireeye.com/rs/fireye/images/rpt-apt30.pdf; classtype:trojan-activity; sid:2020897; rev:2; metadata:affected_product Windows_XP_Vista_7_8_10_Server_32_64_Bit, attack_target Client_Endpoint, deployment Perimeter, tag Exploit_Kit, tag Nuclear, signature_severity Critical, created_at 2015_04_13, malware_family Nuclear, updated_at 2016_07_01;)

Added 2017-08-07 21:15:29 UTC


alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Possible APT30 or Win32/Nuclear HTTP Framework"; flow:established,to_server; content:"User-Agent|3a 20|Mozilla/4.0 (compatible|3b| MSIE 6.0|3b| Win32|29 0d 0a|HOST|3a|"; http_header; depth:60; fast_pattern:40,20; content:!"Referer|3a|"; http_header; content:!"Accept"; http_header; pcre:"/\.(?:txt|gif|exe|bmp)$/Ui"; reference:url,www2.fireeye.com/rs/fireye/images/rpt-apt30.pdf; classtype:trojan-activity; sid:2020897; rev:2;)

Added 2015-04-13 22:01:12 UTC


Topic revision: r1 - 2019-10-22 - TWikiGuest
 
This site is powered by the TWiki collaboration platform Powered by Perl This site is powered by the TWiki collaboration platformCopyright © Emerging Threats