# sid 2026440 rev 1 -- revision recorded 2021-06-18, DISABLED (leading '#').
# Matches established TCP on any port in either direction ('any any <> any any'; flow:established
# has no to_server, so server->client data is inspected as well, although "POST / " only appears in
# a request). No http_* buffers are used, so every match runs against raw payload:
#   fast_pattern "\r\nTagId:" header, plus "POST / ";
#   negated contents drop payloads containing "Cookie:" or any of the five listed host names /
#   address prefixes (only the 209.53.113. entry is anchored on "Host: ", the rest are bare substrings);
#   pcre then requires a "Mozilla/N.N(compatible; MSIE N.N;)\r\n" user-agent string. The '.' between
#   the version digits is unescaped in the pcre, so it matches any byte, not only a literal dot.
# Detection logic is unchanged from the original 2018-10-04 rule; this revision only adds
# attack_target / deployment / signature_severity / tag / mitre_* metadata.
# NOTE(review): the '?' after CompuTrace in msg is most likely TWiki's unresolved-WikiWord marker,
# not part of the signature text -- confirm against the ruleset source before copying this line.
# NOTE(review): metadata pairs tactic TA0011 Command_And_Control with technique T1041, whose own name
# here is Exfiltration_Over_C2_Channel; in ATT&CK T1041 is catalogued under the Exfiltration tactic,
# so verify the tactic/technique pairing.
#alert tcp any any <> any any (msg:"ET TROJAN NCSC APT28 - CompuTrace?_Beacon_UserAgent"; flow:established; content:"|0d0a|TagId|3a|"; fast_pattern; content: "POST / "; content:!"namequery.com"; content:!"Host: 209.53.113."; content:!"dnssearch.org"; content:!"Cookie:"; content:!"fnbcorporate.co.za"; content:!"207.6.98."; pcre:"/Mozilla\/[0-9]{1,2}.[0-9]{1,2}\(compatible\; MSIE [0-9]{1,2}.[0-9]{1,2}\;\)\x0d\x0a/"; reference:url,www.ncsc.gov.uk/content/files/protected_files/article_files/IOC-APT28-malware-advisory.pdf; classtype:trojan-activity; sid:2026440; rev:1; metadata:attack_target Client_Endpoint, created_at 2018_10_04, deployment Perimeter, former_category MALWARE, signature_severity Major, tag c2, updated_at 2018_10_17, mitre_tactic_id TA0011, mitre_tactic_name Command_And_Control, mitre_technique_id T1041, mitre_technique_name Exfiltration_Over_C2_Channel;)

Added 2021-06-18 18:19:37 UTC


# sid 2026440 rev 1 -- revision recorded 2020-08-05, DISABLED (leading '#').
# Same detection body as the other revisions on this page (raw-payload "\r\nTagId:" fast_pattern,
# "POST / ", six negated contents, MSIE-style user-agent pcre); the only change is that all metadata
# now sits in a single 'metadata:' keyword (created_at 2018_10_04, former_category MALWARE,
# updated_at 2018_10_17). No mitre_* fields yet.
# NOTE(review): the '?' after CompuTrace in msg is most likely TWiki's unresolved-WikiWord marker,
# not part of the signature text -- confirm against the ruleset source.
#alert tcp any any <> any any (msg:"ET TROJAN NCSC APT28 - CompuTrace?_Beacon_UserAgent"; flow:established; content:"|0d0a|TagId|3a|"; fast_pattern; content: "POST / "; content:!"namequery.com"; content:!"Host: 209.53.113."; content:!"dnssearch.org"; content:!"Cookie:"; content:!"fnbcorporate.co.za"; content:!"207.6.98."; pcre:"/Mozilla\/[0-9]{1,2}.[0-9]{1,2}\(compatible\; MSIE [0-9]{1,2}.[0-9]{1,2}\;\)\x0d\x0a/"; reference:url,www.ncsc.gov.uk/content/files/protected_files/article_files/IOC-APT28-malware-advisory.pdf; classtype:trojan-activity; sid:2026440; rev:1; metadata:created_at 2018_10_04, former_category MALWARE, updated_at 2018_10_17;)

Added 2020-08-05 19:15:28 UTC


# sid 2026440 rev 1 -- revision recorded 2019-09-26, DISABLED (leading '#').
# Detection body unchanged (raw-payload "\r\nTagId:" fast_pattern, "POST / ", six negated
# contents, MSIE-style user-agent pcre). Metadata is split across two keywords here:
# 'metadata: former_category MALWARE' placed before the reference, and
# 'metadata:created_at 2018_10_04, updated_at 2018_10_17' at the end. former_category is MALWARE
# in this revision, where the 2018-10-17 revision further down the page still says TROJAN.
# NOTE(review): the '?' after CompuTrace in msg is most likely TWiki's unresolved-WikiWord marker,
# not part of the signature text -- confirm against the ruleset source.
#alert tcp any any <> any any (msg:"ET TROJAN NCSC APT28 - CompuTrace?_Beacon_UserAgent"; flow:established; content:"|0d0a|TagId|3a|"; fast_pattern; content: "POST / "; content:!"namequery.com"; content:!"Host: 209.53.113."; content:!"dnssearch.org"; content:!"Cookie:"; content:!"fnbcorporate.co.za"; content:!"207.6.98."; pcre:"/Mozilla\/[0-9]{1,2}.[0-9]{1,2}\(compatible\; MSIE [0-9]{1,2}.[0-9]{1,2}\;\)\x0d\x0a/"; metadata: former_category MALWARE; reference:url,www.ncsc.gov.uk/content/files/protected_files/article_files/IOC-APT28-malware-advisory.pdf; classtype:trojan-activity; sid:2026440; rev:1; metadata:created_at 2018_10_04, updated_at 2018_10_17;)

Added 2019-09-26 19:58:40 UTC


# sid 2026440 rev 1 -- revision recorded 2018-10-17, the first revision on this page that is
# DISABLED (leading '#'); the 2018-10-04 original below is active. rev stays at 1 and only
# updated_at moves to 2018_10_17, so the disable is the substantive change, plus a new
# 'metadata: former_category TROJAN' keyword before the reference. Detection body is unchanged
# (raw-payload "\r\nTagId:" fast_pattern, "POST / ", six negated contents, MSIE-style user-agent
# pcre with an unescaped '.' between the version digits).
# NOTE(review): the '?' after CompuTrace in msg is most likely TWiki's unresolved-WikiWord marker,
# not part of the signature text -- confirm against the ruleset source.
#alert tcp any any <> any any (msg:"ET TROJAN NCSC APT28 - CompuTrace?_Beacon_UserAgent"; flow:established; content:"|0d0a|TagId|3a|"; fast_pattern; content: "POST / "; content:!"namequery.com"; content:!"Host: 209.53.113."; content:!"dnssearch.org"; content:!"Cookie:"; content:!"fnbcorporate.co.za"; content:!"207.6.98."; pcre:"/Mozilla\/[0-9]{1,2}.[0-9]{1,2}\(compatible\; MSIE [0-9]{1,2}.[0-9]{1,2}\;\)\x0d\x0a/"; metadata: former_category TROJAN; reference:url,www.ncsc.gov.uk/content/files/protected_files/article_files/IOC-APT28-malware-advisory.pdf; classtype:trojan-activity; sid:2026440; rev:1; metadata:created_at 2018_10_04, updated_at 2018_10_17;)

Added 2018-10-17 19:54:38 UTC


# sid 2026440 rev 1 -- original revision recorded 2018-10-04, ACTIVE (no leading '#');
# created_at and updated_at are both 2018_10_04.
# Fires on established TCP, any port, either direction, when the raw payload carries a
# "\r\nTagId:" header (fast_pattern) and "POST / ", does not contain "Cookie:" or any of the five
# listed host names / address prefixes, and the pcre finds a "Mozilla/N.N(compatible; MSIE N.N;)\r\n"
# user-agent. Reference is the NCSC APT28 IOC advisory.
# Deployment notes grounded in the rule text:
#   - 'any any <> any any' with flow:established but no to_server means both directions and every
#     port are inspected; restricting to client->server HTTP would cut evaluation cost.
#   - the negated contents presumably whitelist legitimate CompuTrace infrastructure -- verify
#     against the referenced advisory before relying on them.
#   - '.' between the version digits in the pcre is unescaped and matches any byte.
# NOTE(review): the '?' after CompuTrace in msg is most likely TWiki's unresolved-WikiWord marker,
# not part of the signature text -- confirm against the ruleset source.
alert tcp any any <> any any (msg:"ET TROJAN NCSC APT28 - CompuTrace?_Beacon_UserAgent"; flow:established; content:"|0d0a|TagId|3a|"; fast_pattern; content: "POST / "; content:!"namequery.com"; content:!"Host: 209.53.113."; content:!"dnssearch.org"; content:!"Cookie:"; content:!"fnbcorporate.co.za"; content:!"207.6.98."; pcre:"/Mozilla\/[0-9]{1,2}.[0-9]{1,2}\(compatible\; MSIE [0-9]{1,2}.[0-9]{1,2}\;\)\x0d\x0a/"; reference:url,www.ncsc.gov.uk/content/files/protected_files/article_files/IOC-APT28-malware-advisory.pdf; classtype:trojan-activity; sid:2026440; rev:1; metadata:created_at 2018_10_04, updated_at 2018_10_04;)

Added 2018-10-04 17:21:49 UTC

