# sid 2024425, newest text shown on this page (added 2021-05-04).
# Purpose: flag an outbound check-in that the msg tentatively attributes to OSX/OceanLotus
# and ELF RotaJakiro; the "?" marks in msg and tags mean the attribution is unconfirmed.
# Scope: established TCP flow, client-to-server, $HOME_NET -> $EXTERNAL_NET, any port.
# Match logic:
#   1. bytes 41 61 54 03 ("AaT" followed by 0x03) must occupy payload bytes 1-4
#      (offset:1; depth:4 leaves room for exactly this 4-byte pattern); it is the fast_pattern.
#   2. eight consecutive 0x63 bytes ("cccccccc") anywhere after that match
#      (distance:0 with no within, so the gap is unbounded).
# NOTE(review): msg spells the family "RotaJakario" while the reference URL spells it
# "rotajakiro"; when searching alert data by family name, try both spellings.
# NOTE(review): rev is still 1 and updated_at is still 2017_06_26 although msg and the
# reference list differ from the earlier texts on this page; compare rule text, not
# rev/updated_at, when checking whether a deployed copy is current.
# NOTE(review): affected_product and tags name only Mac_OSX/OSX while msg also names an
# ELF family - confirm whether metadata-based rule selection should include Linux sensors.
alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN OSX/OceanLotus / ELF/RotaJakario CnC? Checkin"; flow:established,to_server; content:"|41 61 54 03|"; offset:1; depth:4; fast_pattern; content:"|63 63 63 63 63 63 63 63|"; distance:0; reference:url,researchcenter.paloaltonetworks.com/2017/06/unit42-new-improved-macos-backdoor-oceanlotus/; reference:url,blog.netlab.360.com/stealth_rotajakiro_backdoor_en; classtype:trojan-activity; sid:2024425; rev:1; metadata:affected_product Mac_OSX, attack_target Client_Endpoint, created_at 2017_06_26, deployment Perimeter, former_category MALWARE, malware_family OceanLotus?, performance_impact Low, tag Targeted, tag APT, tag OceanLotus?, tag OSX, updated_at 2017_06_26;)

Added 2021-05-04 18:41:13 UTC


# sid 2024425, text added 2020-08-05 (historical; a newer text with the same sid appears on this page).
# Scope: established TCP flow, client-to-server, $HOME_NET -> $EXTERNAL_NET, any port.
# Match logic: bytes 41 61 54 03 at payload bytes 1-4 (offset:1; depth:4; fast_pattern),
# then eight 0x63 bytes anywhere after that match (distance:0, no within).
# msg names only OSX OceanLotus here; the single reference is the Unit 42 write-up, typed as url.
# All metadata is carried in one metadata keyword, with former_category MALWARE.
alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN OSX OceanLotus? Checkin"; flow:established,to_server; content:"|41 61 54 03|"; offset:1; depth:4; fast_pattern; content:"|63 63 63 63 63 63 63 63|"; distance:0; reference:url,researchcenter.paloaltonetworks.com/2017/06/unit42-new-improved-macos-backdoor-oceanlotus/; classtype:trojan-activity; sid:2024425; rev:1; metadata:affected_product Mac_OSX, attack_target Client_Endpoint, created_at 2017_06_26, deployment Perimeter, former_category MALWARE, malware_family OceanLotus?, performance_impact Low, tag Targeted, tag APT, tag OceanLotus?, tag OSX, updated_at 2017_06_26;)

Added 2020-08-05 19:13:39 UTC


# sid 2024425, text added 2020-03-16 (historical).
# Scope: established TCP flow, client-to-server, $HOME_NET -> $EXTERNAL_NET, any port.
# Match logic: bytes 41 61 54 03 at payload bytes 1-4 (offset:1; depth:4; fast_pattern),
# then eight 0x63 bytes anywhere after that match (distance:0, no within).
# This text carries two metadata keywords: a standalone "former_category MALWARE" before
# the reference, and the main key/value list after rev. Parsers that keep only one
# metadata keyword per rule would lose one of them - verify against the tooling in use.
alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN OSX OceanLotus? Checkin"; flow:established,to_server; content:"|41 61 54 03|"; offset:1; depth:4; fast_pattern; content:"|63 63 63 63 63 63 63 63|"; distance:0; metadata: former_category MALWARE; reference:url,researchcenter.paloaltonetworks.com/2017/06/unit42-new-improved-macos-backdoor-oceanlotus/; classtype:trojan-activity; sid:2024425; rev:1; metadata:affected_product Mac_OSX, attack_target Client_Endpoint, deployment Perimeter, tag Targeted, tag APT, tag OceanLotus?, tag OSX, created_at 2017_06_26, malware_family OceanLotus?, performance_impact Low, updated_at 2017_06_26;)

Added 2020-03-16 18:59:20 UTC


# sid 2024425, text added 2017-08-07 (historical).
# Scope: established TCP flow, client-to-server, $HOME_NET -> $EXTERNAL_NET, any port.
# Match logic: bytes 41 61 54 03 at payload bytes 1-4 (offset:1; depth:4; fast_pattern),
# then eight 0x63 bytes anywhere after that match (distance:0, no within).
# NOTE(review): the reference is typed "md5" but its value is the Unit 42 article URL,
# not a hash; alert enrichment that resolves md5 references will build a broken lookup.
# Later texts of this sid on this page type the same value as "url".
# former_category is TROJAN in this text and sits in its own metadata keyword.
alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN OSX OceanLotus? Checkin"; flow:established,to_server; content:"|41 61 54 03|"; offset:1; depth:4; fast_pattern; content:"|63 63 63 63 63 63 63 63|"; distance:0; metadata: former_category TROJAN; reference:md5,researchcenter.paloaltonetworks.com/2017/06/unit42-new-improved-macos-backdoor-oceanlotus/; classtype:trojan-activity; sid:2024425; rev:1; metadata:affected_product Mac_OSX, attack_target Client_Endpoint, deployment Perimeter, tag Targeted, tag APT, tag OceanLotus?, tag OSX, created_at 2017_06_26, malware_family OceanLotus?, performance_impact Low, updated_at 2017_06_26;)

Added 2017-08-07 21:19:47 UTC


# sid 2024425, earliest text on this page (added 2017-06-26); it has no metadata keyword.
# Scope: established TCP flow, client-to-server, $HOME_NET -> $EXTERNAL_NET, any port.
# Match logic: bytes 41 61 54 03 at payload bytes 1-4 (offset:1; depth:4; fast_pattern),
# then eight 0x63 bytes anywhere after that match (distance:0, no within).
# NOTE(review): the reference is typed "md5" but its value is the Unit 42 article URL,
# not a hash; treat it as a URL when following it up.
alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN OSX OceanLotus? Checkin"; flow:established,to_server; content:"|41 61 54 03|"; offset:1; depth:4; fast_pattern; content:"|63 63 63 63 63 63 63 63|"; distance:0; reference:md5,researchcenter.paloaltonetworks.com/2017/06/unit42-new-improved-macos-backdoor-oceanlotus/; classtype:trojan-activity; sid:2024425; rev:1;)

Added 2017-06-26 16:42:58 UTC


Topic revision: r1 - 2021-05-04 - TWikiGuest
 