# ET TROJAN "Matryoshka" beacon, sid 2022146 rev 3 (the latest revision listed on this page).
# Detects an outbound GET (flow:established,to_server) whose normalized URI has the exact
# shape /img/<32 hex chars>/<1+ hex chars>/general.png and whose request headers carry no
# Referer (content:!"Referer|3a|"; http_header).
# The content chain pre-filters cheaply before the pcre runs: "/img/" must sit at URI offset 0
# (depth:5), a "/" must follow exactly 32 bytes later (distance:32; within:1), and
# "/general.png" is the fast-pattern anchor. The pcre is anchored at both ends (^ ... $ on the
# normalized URI, /U), so the match is exact rather than a substring hit.
# urilen:>50 agrees with the shortest URI the pcre can accept: 5 + 32 + 1 + 1 + 12 = 51 bytes.
# Compared with the rev 2 entries below, rev 3 changed fast_pattern:only to fast_pattern and
# refreshed updated_at; the detection logic itself is unchanged.
# NOTE(review): the "?" in the msg is the rule author's own uncertainty about the CnC
# attribution; a hit is a lead to triage against the referenced md5/report, not a confirmed
# compromise.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Matryoshka CnC? Beacon 1"; flow:established,to_server; urilen:>50; content:"GET"; http_method; content:"/img/"; depth:5; http_uri; content:"/"; distance:32; within:1; http_uri; content:"/general.png"; http_uri; fast_pattern; content:!"Referer|3a|"; http_header; pcre:"/^\/img\/[a-f0-9]{32}\/[a-f0-9]+\/general\.png$/U"; metadata: former_category MALWARE; reference:md5,9853fc1f4d7ba23d728f4ee80842faf9; reference:url,minerva-labs.com/#!CopyKittens-Attack-Group/c7a5/5655651e0cf20a760c4cae95; classtype:trojan-activity; sid:2022146; rev:3; metadata:created_at 2015_11_25, updated_at 2019_10_07;)

Added 2019-10-08 19:34:34 UTC


# Superseded revision (rev 2 with created_at/updated_at metadata). Same detection logic as the
# rev 3 entry at the top of this page; the only keyword differences are fast_pattern:only here
# versus fast_pattern in rev 3, and the older updated_at value.
# NOTE(review): the rev counter stayed at 2 across several distinct bodies on this page (with
# and without the metadata keywords), so rev alone cannot be relied on to tell these apart.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Matryoshka CnC? Beacon 1"; flow:established,to_server; urilen:>50; content:"GET"; http_method; content:"/img/"; depth:5; http_uri; content:"/"; distance:32; within:1; http_uri; content:"/general.png"; http_uri; fast_pattern:only; content:!"Referer|3a|"; http_header; pcre:"/^\/img\/[a-f0-9]{32}\/[a-f0-9]+\/general\.png$/U"; metadata: former_category MALWARE; reference:md5,9853fc1f4d7ba23d728f4ee80842faf9; reference:url,minerva-labs.com/#!CopyKittens-Attack-Group/c7a5/5655651e0cf20a760c4cae95; classtype:trojan-activity; sid:2022146; rev:2; metadata:created_at 2015_11_25, updated_at 2015_11_25;)

Added 2019-09-19 19:26:32 UTC


# Superseded revision (rev 2). Identical to the rev 2 entry above except that the
# "metadata: former_category MALWARE" keyword is absent; the detection logic is unchanged.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Matryoshka CnC? Beacon 1"; flow:established,to_server; urilen:>50; content:"GET"; http_method; content:"/img/"; depth:5; http_uri; content:"/"; distance:32; within:1; http_uri; content:"/general.png"; http_uri; fast_pattern:only; content:!"Referer|3a|"; http_header; pcre:"/^\/img\/[a-f0-9]{32}\/[a-f0-9]+\/general\.png$/U"; reference:md5,9853fc1f4d7ba23d728f4ee80842faf9; reference:url,minerva-labs.com/#!CopyKittens-Attack-Group/c7a5/5655651e0cf20a760c4cae95; classtype:trojan-activity; sid:2022146; rev:2; metadata:created_at 2015_11_25, updated_at 2015_11_25;)

Added 2018-09-13 19:51:58 UTC


Added 2018-09-13 18:00:32 UTC


# Superseded revision (rev 2). Byte-for-byte the same rule text as the entry dated
# 2018-09-13 above; this page records it twice under separate "Added" timestamps.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Matryoshka CnC? Beacon 1"; flow:established,to_server; urilen:>50; content:"GET"; http_method; content:"/img/"; depth:5; http_uri; content:"/"; distance:32; within:1; http_uri; content:"/general.png"; http_uri; fast_pattern:only; content:!"Referer|3a|"; http_header; pcre:"/^\/img\/[a-f0-9]{32}\/[a-f0-9]+\/general\.png$/U"; reference:md5,9853fc1f4d7ba23d728f4ee80842faf9; reference:url,minerva-labs.com/#!CopyKittens-Attack-Group/c7a5/5655651e0cf20a760c4cae95; classtype:trojan-activity; sid:2022146; rev:2; metadata:created_at 2015_11_25, updated_at 2015_11_25;)

Added 2017-08-07 21:16:58 UTC


# Superseded revision (rev 2, no metadata keyword at all). Same content chain, pcre, and
# negated Referer check as every later entry on this page; only the bookkeeping keywords
# (metadata, fast_pattern form) changed afterwards.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Matryoshka CnC? Beacon 1"; flow:established,to_server; urilen:>50; content:"GET"; http_method; content:"/img/"; depth:5; http_uri; content:"/"; distance:32; within:1; http_uri; content:"/general.png"; http_uri; fast_pattern:only; content:!"Referer|3a|"; http_header; pcre:"/^\/img\/[a-f0-9]{32}\/[a-f0-9]+\/general\.png$/U"; reference:md5,9853fc1f4d7ba23d728f4ee80842faf9; reference:url,minerva-labs.com/#!CopyKittens-Attack-Group/c7a5/5655651e0cf20a760c4cae95; classtype:trojan-activity; sid:2022146; rev:2;)

Added 2015-11-30 19:15:24 UTC


# Earliest revision on this page (rev 2). Detection logic is the same as all later entries;
# the difference is the reference URL, which here points at the original
# www.minerva-labs.com "?_escaped_fragment_=" report path that later revisions shortened.
# NOTE(review): the md5 reference (9853fc1f4d7ba23d728f4ee80842faf9) is the sample the
# analyst tied this URI pattern to; use it as the pivot when validating alerts.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Matryoshka CnC? Beacon 1"; flow:established,to_server; urilen:>50; content:"GET"; http_method; content:"/img/"; depth:5; http_uri; content:"/"; distance:32; within:1; http_uri; content:"/general.png"; http_uri; fast_pattern:only; content:!"Referer|3a|"; http_header; pcre:"/^\/img\/[a-f0-9]{32}\/[a-f0-9]+\/general\.png$/U"; reference:md5,9853fc1f4d7ba23d728f4ee80842faf9; reference:url,www.minerva-labs.com/?_escaped_fragment_=CopyKittens-Attack-Group/c1p1j/564df6190cf28679553fc331#!CopyKittens-Attack-Group/c1p1j/564df6190cf28679553fc331; classtype:trojan-activity; sid:2022146; rev:2;)

Added 2015-11-26 08:14:30 UTC

