alert udp $HOME_NET any -> any 53 (msg:"ET MALWARE All Numerical .cn Domain Likely Malware Related"; content:"|01 00 00 01 00 00 00 00 00 00|"; depth:10; offset:2; content:"|02|cn|00|"; distance:0; nocase; fast_pattern; content:!"|03|360"; distance:-8; within:4; pcre:"/\x00[\x02-\x1E][0-9]{2,30}\x02cn\x00/i"; classtype:misc-activity; sid:2012327; rev:4; metadata:created_at 2011_02_21, updated_at 2011_02_21;)

Added 2017-08-07 21:05:27 UTC


alert udp $HOME_NET any -> any 53 (msg:"ET MALWARE All Numerical .cn Domain Likely Malware Related"; content:"|01 00 00 01 00 00 00 00 00 00|"; depth:10; offset:2; content:"|02|cn|00|"; distance:0; nocase; fast_pattern; content:!"|03|360"; distance:-8; within:4; pcre:"/\x00[\x02-\x1E][0-9]{2,30}\x02cn\x00/i"; classtype:misc-activity; sid:2012327; rev:4;)

Added 2015-06-08 18:16:19 UTC


alert udp $HOME_NET any -> any 53 (msg:"ET MALWARE All Numerical .cn Domain Likely Malware Related"; content:"|01 00 00 01 00 00 00 00 00 00|"; depth:10; offset:2; content:"|02|cn|00|"; distance:0; nocase; fast_pattern; pcre:"/\x00[\x02-\x1E][0-9]{2,30}\x02cn\x00/i"; classtype:misc-activity; sid:2012327; rev:3;)

Added 2012-03-15 10:52:25 UTC


alert udp $HOME_NET any -> $EXTERNAL_NET 53 (msg:"ET MALWARE All Numerical .cn Domain Likely Malware Related"; content:"|01 00 00 01 00 00 00 00 00 00|"; depth:10; offset:2; content:"|02|cn"; distance:0; nocase; fast_pattern; pcre:"/[\x02-\x1E][0-9]{2,30}\x02cn/i"; classtype:misc-activity; sid:2012327; rev:2;)

Added 2011-10-12 19:33:59 UTC


alert udp $HOME_NET any -> $EXTERNAL_NET 53 (msg:"ET MALWARE All Numerical .cn Domain Likely Malware Related"; content:"|01 00 00 01 00 00 00 00 00 00|"; depth:10; offset:2; content:"|02|cn"; distance:0; nocase; fast_pattern; pcre:"/[\x02-\x1E][0-9]{2,30}\x02cn/i"; classtype:misc-activity; sid:2012327; rev:2;)

Added 2011-04-08 18:04:14 UTC


alert udp $HOME_NET any -> $EXTERNAL_NET 53 (msg:"ET MALWARE All Numerical .cn Domain Likely Malware Related"; content:"|01 00 00 01 00 00 00 00 00 00|"; depth:10; offset:2; content:"|02|cn"; fast_pattern; pcre:"/[\x02-\x1E][0-9]{2,30}\x02cn/i"; distance:0; nocase; classtype:misc-activity; sid:2012327; rev:1;)

Added 2011-02-21 17:32:02 UTC


alert udp $HOME_NET any -> $EXTERNAL_NET 53 (msg:"ET MALWARE All Numerical .cn Domain Likely Malware Related"; content:"|01 00 00 01 00 00 00 00 00 00|"; depth:10; offset:2; content:"|02|cn"; fast_pattern; pcre:"/[\x02-\x1E][0-9]{2,30}\x02cn/i"; distance:0; nocase; classtype:misc-activity; sid:2012327; rev:1;)

Added 2011-02-21 17:31:52 UTC


alert udp $HOME_NET any -> $EXTERNAL_NET 53 (msg:"ET MALWARE All Numerical .cn Domain Likely Malware Related"; content:"|01 00 00 01 00 00 00 00 00 00|"; depth:10; offset:2; content:"|02|cn"; fast_pattern; pcre:"/[\x02-\x1E][0-9]{2,30}\x02cn/i"; distance:0; nocase; classtype:misc-activity; sid:2012327; rev:1;)

Added 2011-02-21 16:59:46 UTC


Topic revision: r2 - 2014-09-11 - DaniloTell
 
This site is powered by the TWiki collaboration platform Powered by Perl This site is powered by the TWiki collaboration platformCopyright © Emerging Threats