# sid 2023032 rev 2. In this revision the rule line itself starts with '#', so it is commented out and
# an engine reading this text will not load it until the '#' is removed.
# The hex content is one exact run of request headers; decoded to ASCII it reads:
#   Accept: text/html,text/plain,*/*
#   Accept-Language: en-us
#   Accept-Charset: ISO-8859-1,*
#   Keep-Alive: 300
#   Connection: Keep-Alive
#   Cache-Control: No-Cache
# There is no nocase and the headers are matched as one contiguous string, so any change in order, case
# or spacing (by the client or by a proxy that rewrites headers) prevents a match.
#alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN ProjectSauron? Remsec CnC? Beacon (hardcoded HTTP headers)"; flow:established,to_server; content:"|41 63 63 65 70 74 3A 20 74 65 78 74 2F 68 74 6D 6C 2C 74 65 78 74 2F 70 6C 61 69 6E 2C 2A 2F 2A 0D 0A 41 63 63 65 70 74 2D 4C 61 6E 67 75 61 67 65 3A 20 65 6E 2D 75 73 0D 0A 41 63 63 65 70 74 2D 43 68 61 72 73 65 74 3A 20 49 53 4F 2D 38 38 35 39 2D 31 2C 2A 0D 0A 4B 65 65 70 2D 41 6C 69 76 65 3A 20 33 30 30 0D 0A 43 6F 6E 6E 65 63 74 69 6F 6E 3A 20 4B 65 65 70 2D 41 6C 69 76 65 0D 0A 43 61 63 68 65 2D 43 6F 6E 74 72 6F 6C 3A 20 4E 6F 2D 43 61 63 68 65|"; fast_pattern:10,20; reference:url,securelist.com/analysis/publications/75533/faq-the-projectsauron-apt; reference:url,www.symantec.com/connect/blogs/strider-cyberespionage-group-turns-eye-sauron-targets; classtype:trojan-activity; sid:2023032; rev:2; metadata:affected_product Windows_XP_Vista_7_8_10_Server_32_64_Bit, attack_target Client_Endpoint, created_at 2016_08_09, deployment Perimeter, former_category MALWARE, performance_impact Low, signature_severity Major, updated_at 2016_08_09;)

Added 2020-11-30 18:06:35 UTC


# Active form of sid 2023032 rev 2: alerts on client-to-server HTTP on an established flow
# ($HOME_NET -> $EXTERNAL_NET) that carries a fixed six-header block (Accept, Accept-Language,
# Accept-Charset, Keep-Alive, Connection, Cache-Control) in exactly this order and case.
# fast_pattern:10,20 gives the prefilter only 20 bytes of the content starting at offset 10
# ("xt/html,text/plain,*"); the full content string is still checked before the rule alerts.
# NOTE(review): the '?' marks in msg suggest the family attribution was not confirmed by the rule
# author, so a hit is better read as "this header fingerprint was seen" than as a confirmed family.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN ProjectSauron? Remsec CnC? Beacon (hardcoded HTTP headers)"; flow:established,to_server; content:"|41 63 63 65 70 74 3A 20 74 65 78 74 2F 68 74 6D 6C 2C 74 65 78 74 2F 70 6C 61 69 6E 2C 2A 2F 2A 0D 0A 41 63 63 65 70 74 2D 4C 61 6E 67 75 61 67 65 3A 20 65 6E 2D 75 73 0D 0A 41 63 63 65 70 74 2D 43 68 61 72 73 65 74 3A 20 49 53 4F 2D 38 38 35 39 2D 31 2C 2A 0D 0A 4B 65 65 70 2D 41 6C 69 76 65 3A 20 33 30 30 0D 0A 43 6F 6E 6E 65 63 74 69 6F 6E 3A 20 4B 65 65 70 2D 41 6C 69 76 65 0D 0A 43 61 63 68 65 2D 43 6F 6E 74 72 6F 6C 3A 20 4E 6F 2D 43 61 63 68 65|"; fast_pattern:10,20; reference:url,securelist.com/analysis/publications/75533/faq-the-projectsauron-apt; reference:url,www.symantec.com/connect/blogs/strider-cyberespionage-group-turns-eye-sauron-targets; classtype:trojan-activity; sid:2023032; rev:2; metadata:affected_product Windows_XP_Vista_7_8_10_Server_32_64_Bit, attack_target Client_Endpoint, created_at 2016_08_09, deployment Perimeter, former_category MALWARE, performance_impact Low, signature_severity Major, updated_at 2016_08_09;)

Added 2020-08-05 19:12:23 UTC


# sid 2023032 rev 2, matching outbound HTTP requests that contain one fixed, contiguous block of
# six request headers (the hex content string), with fast_pattern:10,20 selecting the prefilter bytes.
# This copy carries two metadata keywords: "former_category MALWARE" on its own, then the
# product/target/deployment tags after rev. The metadata text differs from other published copies of
# this sid while rev stays at 2, so rev alone does not identify which copy is deployed; compare the
# full rule text when auditing a sensor.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN ProjectSauron? Remsec CnC? Beacon (hardcoded HTTP headers)"; flow:established,to_server; content:"|41 63 63 65 70 74 3A 20 74 65 78 74 2F 68 74 6D 6C 2C 74 65 78 74 2F 70 6C 61 69 6E 2C 2A 2F 2A 0D 0A 41 63 63 65 70 74 2D 4C 61 6E 67 75 61 67 65 3A 20 65 6E 2D 75 73 0D 0A 41 63 63 65 70 74 2D 43 68 61 72 73 65 74 3A 20 49 53 4F 2D 38 38 35 39 2D 31 2C 2A 0D 0A 4B 65 65 70 2D 41 6C 69 76 65 3A 20 33 30 30 0D 0A 43 6F 6E 6E 65 63 74 69 6F 6E 3A 20 4B 65 65 70 2D 41 6C 69 76 65 0D 0A 43 61 63 68 65 2D 43 6F 6E 74 72 6F 6C 3A 20 4E 6F 2D 43 61 63 68 65|"; fast_pattern:10,20; metadata: former_category MALWARE; reference:url,securelist.com/analysis/publications/75533/faq-the-projectsauron-apt; reference:url,www.symantec.com/connect/blogs/strider-cyberespionage-group-turns-eye-sauron-targets; classtype:trojan-activity; sid:2023032; rev:2; metadata:affected_product Windows_XP_Vista_7_8_10_Server_32_64_Bit, attack_target Client_Endpoint, deployment Perimeter, signature_severity Major, created_at 2016_08_09, performance_impact Low, updated_at 2016_08_09;)

Added 2019-09-19 19:26:41 UTC


# sid 2023032 rev 2: flags an established, to_server HTTP flow whose request contains the exact
# header run encoded in the hex content (Accept ... Cache-Control: No-Cache, CRLF-separated).
# The metadata keyword here (affected_product, attack_target, deployment, signature_severity,
# created_at, performance_impact, updated_at) is descriptive tagging for filtering and triage; the
# match itself is decided by flow and content only.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN ProjectSauron? Remsec CnC? Beacon (hardcoded HTTP headers)"; flow:established,to_server; content:"|41 63 63 65 70 74 3A 20 74 65 78 74 2F 68 74 6D 6C 2C 74 65 78 74 2F 70 6C 61 69 6E 2C 2A 2F 2A 0D 0A 41 63 63 65 70 74 2D 4C 61 6E 67 75 61 67 65 3A 20 65 6E 2D 75 73 0D 0A 41 63 63 65 70 74 2D 43 68 61 72 73 65 74 3A 20 49 53 4F 2D 38 38 35 39 2D 31 2C 2A 0D 0A 4B 65 65 70 2D 41 6C 69 76 65 3A 20 33 30 30 0D 0A 43 6F 6E 6E 65 63 74 69 6F 6E 3A 20 4B 65 65 70 2D 41 6C 69 76 65 0D 0A 43 61 63 68 65 2D 43 6F 6E 74 72 6F 6C 3A 20 4E 6F 2D 43 61 63 68 65|"; fast_pattern:10,20; reference:url,securelist.com/analysis/publications/75533/faq-the-projectsauron-apt; reference:url,www.symantec.com/connect/blogs/strider-cyberespionage-group-turns-eye-sauron-targets; classtype:trojan-activity; sid:2023032; rev:2; metadata:affected_product Windows_XP_Vista_7_8_10_Server_32_64_Bit, attack_target Client_Endpoint, deployment Perimeter, signature_severity Major, created_at 2016_08_09, performance_impact Low, updated_at 2016_08_09;)

Added 2018-09-13 19:52:46 UTC


Added 2018-09-13 18:01:02 UTC


# sid 2023032 rev 2: header-fingerprint rule for outbound HTTP requests. Direction is fixed to
# $HOME_NET -> $EXTERNAL_NET, so coverage depends on those variables being set correctly on the
# sensor; a client outside $HOME_NET, or a destination inside it, is not evaluated.
# No HTTP buffer keyword precedes the content, so it is presumably matched against the raw request
# bytes rather than a normalized header buffer - confirm against the engine version in use.
# Requests carried inside TLS are only visible to this rule if they are decrypted upstream.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN ProjectSauron? Remsec CnC? Beacon (hardcoded HTTP headers)"; flow:established,to_server; content:"|41 63 63 65 70 74 3A 20 74 65 78 74 2F 68 74 6D 6C 2C 74 65 78 74 2F 70 6C 61 69 6E 2C 2A 2F 2A 0D 0A 41 63 63 65 70 74 2D 4C 61 6E 67 75 61 67 65 3A 20 65 6E 2D 75 73 0D 0A 41 63 63 65 70 74 2D 43 68 61 72 73 65 74 3A 20 49 53 4F 2D 38 38 35 39 2D 31 2C 2A 0D 0A 4B 65 65 70 2D 41 6C 69 76 65 3A 20 33 30 30 0D 0A 43 6F 6E 6E 65 63 74 69 6F 6E 3A 20 4B 65 65 70 2D 41 6C 69 76 65 0D 0A 43 61 63 68 65 2D 43 6F 6E 74 72 6F 6C 3A 20 4E 6F 2D 43 61 63 68 65|"; fast_pattern:10,20; reference:url,securelist.com/analysis/publications/75533/faq-the-projectsauron-apt; reference:url,www.symantec.com/connect/blogs/strider-cyberespionage-group-turns-eye-sauron-targets; classtype:trojan-activity; sid:2023032; rev:2; metadata:affected_product Windows_XP_Vista_7_8_10_Server_32_64_Bit, attack_target Client_Endpoint, deployment Perimeter, signature_severity Major, created_at 2016_08_09, performance_impact Low, updated_at 2016_08_09;)

Added 2017-08-07 21:18:04 UTC


# sid 2023032 rev 2 without any metadata keyword: only msg, flow, content, fast_pattern, the two
# reference URLs, classtype, sid and rev are present.
# Detection is a single case-sensitive content match on a hard-coded block of six request headers;
# there is no URI, method or host condition, so the header block is the only fingerprint.
# The reference URLs name the securelist.com and symantec.com write-ups the rule cites as background.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN ProjectSauron? Remsec CnC? Beacon (hardcoded HTTP headers)"; flow:established,to_server; content:"|41 63 63 65 70 74 3A 20 74 65 78 74 2F 68 74 6D 6C 2C 74 65 78 74 2F 70 6C 61 69 6E 2C 2A 2F 2A 0D 0A 41 63 63 65 70 74 2D 4C 61 6E 67 75 61 67 65 3A 20 65 6E 2D 75 73 0D 0A 41 63 63 65 70 74 2D 43 68 61 72 73 65 74 3A 20 49 53 4F 2D 38 38 35 39 2D 31 2C 2A 0D 0A 4B 65 65 70 2D 41 6C 69 76 65 3A 20 33 30 30 0D 0A 43 6F 6E 6E 65 63 74 69 6F 6E 3A 20 4B 65 65 70 2D 41 6C 69 76 65 0D 0A 43 61 63 68 65 2D 43 6F 6E 74 72 6F 6C 3A 20 4E 6F 2D 43 61 63 68 65|"; fast_pattern:10,20; reference:url,securelist.com/analysis/publications/75533/faq-the-projectsauron-apt; reference:url,www.symantec.com/connect/blogs/strider-cyberespionage-group-turns-eye-sauron-targets; classtype:trojan-activity; sid:2023032; rev:2;)

Added 2016-08-09 18:48:35 UTC

