Signature Detail

Short Name	TROJAN:WIPER-FLAME-POST-EXFIL
Severity	High
Recommended	No
Recommended Action	Drop
Category	TROJAN
Keywords	Flame Wiper Viper sKyWiper Malware Trojan Iran
Release Date	2012/05/30
Update Number	2143
Supported Platforms	idp-4.0+, isg-3.0+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+

Trojan: Wiper/Flame HTTP POST Data Exfiltration Activity

This signature detects HTTP POST activity for an unknown version of Wiper, also known as Viper, sKyWiper, or Flame during its data exfiltration process. The source IP address is possibly infected and should be investigated.

References

URL: http://blog.cuckoobox.org/2012/05/29/cuckoo-in-flame/

Signature Detail

Short Name

Severity

Recommended

Recommended Action

Category

Keywords

Release Date

Update Number

Supported Platforms

Trojan: Wiper/Flame HTTP POST Data Exfiltration Activity

References