""ET TROJAN APT 41 LOWKEY Backdoor - Initalisation Bytes Received from CnC""

SID: 2028863

Revision: 2

Class Type: trojan-activity

Metadata: affected_product Windows_XP_Vista_7_8_10_Server_32_64_Bit, attack_target Client_and_Server, created_at 2019_10_16, deployment Perimeter, malware_family LOWKEY, performance_impact Low, signature_severity Major, tag APT41, updated_at 2023_06_02

Reference:

• Link

Protocol: tcp

Source Network: $EXTERNAL_NET

Source Port: any

Destination Network: $HOME_NET

Destination Port: 53

Flow: established,from_server

Contents:

• Value: "|FF FF 01 00 00 01 00 00 00 00 00 00|" Depth: 12

Within:

PCRE:

Special Options:

source