BackdoorDiplomacy UA

2021-06-15 10:39:08 +02:00
parent bf40b64f91
commit 9b93165ece
1 changed files with 1 additions and 0 deletions
@@ -49,6 +49,7 @@ detection:
        - 'Mozilla/5.0 (Windows NT 6.1; WOW64) Chrome/28.0.1500.95 Safari/537.36'  # Hidden Cobra malware
        - 'Mozilla/5.0 (Windows NT 6.2; Win32; rv:47.0)'  # Strong Pity loader https://twitter.com/VK_Intel/status/1264185981118406657
        - 'Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1;SV1;'  # Mustang Panda https://insights.oem.avira.com/new-wave-of-plugx-targets-hong-kong/
+        - 'Mozilla/5.0 (X11; Linux i686; rv:22.0) Firefox/22.0'  # BackdoorDiplomacy https://www.welivesecurity.com/2021/06/10/backdoordiplomacy-upgrading-quarian-turian/
    condition: selection
 fields:
    - ClientIP