alert udp $HOME_NET any -> any 53 (msg:"ET MALWARE All Numerical .ru Domain Lookup Likely Malware Related"; content:"|01 00 00 01 00 00 00 00 00 00|"; depth:10; offset:2; content:"|02|ru|00|"; fast_pattern; distance:0; nocase; pcre:"/\x00[\x02-\x1E][0-9]{2,30}\x02ru\x00/i"; classtype:misc-activity; sid:2012328; rev:5;)

Added 2012-03-15 10:52:25 UTC


alert udp $HOME_NET any -> $EXTERNAL_NET 53 (msg:"ET MALWARE All Numerical .ru Domain Likely Malware Related"; content:"|01 00 00 01 00 00 00 00 00 00|"; depth:10; offset:2; content:"|02|ru"; fast_pattern; distance:0; nocase; pcre:"/[\x02-\x1E][0-9]{2,30}\x02ru/i"; classtype:misc-activity; sid:2012328; rev:2;)

Added 2011-10-12 19:34:00 UTC


alert udp $HOME_NET any -> $EXTERNAL_NET 53 (msg:"ET MALWARE All Numerical .ru Domain Likely Malware Related"; content:"|01 00 00 01 00 00 00 00 00 00|"; depth:10; offset:2; content:"|02|ru"; fast_pattern; distance:0; nocase; pcre:"/[\x02-\x1E][0-9]{2,30}\x02ru/i"; classtype:misc-activity; sid:2012328; rev:2;)

Added 2011-04-08 18:04:15 UTC


alert udp $HOME_NET any -> $EXTERNAL_NET 53 (msg:"ET MALWARE All Numerical .ru Domain Likely Malware Related"; content:"|01 00 00 01 00 00 00 00 00 00|"; depth:10; offset:2; content:"|02|ru"; fast_pattern; pcre:"/[\x02-\x1E][0-9]{2,30}\x02ru/i"; distance:0; nocase; classtype:misc-activity; sid:2012328; rev:1;)

Added 2011-02-21 17:32:02 UTC


alert udp $HOME_NET any -> $EXTERNAL_NET 53 (msg:"ET MALWARE All Numerical .ru Domain Likely Malware Related"; content:"|01 00 00 01 00 00 00 00 00 00|"; depth:10; offset:2; content:"|02|ru"; fast_pattern; pcre:"/[\x02-\x1E][0-9]{2,30}\x02ru/i"; distance:0; nocase; classtype:misc-activity; sid:2012328; rev:1;)

Added 2011-02-21 17:31:52 UTC


alert udp $HOME_NET any -> $EXTERNAL_NET 53 (msg:"ET MALWARE All Numerical .ru Domain Likely Malware Related"; content:"|01 00 00 01 00 00 00 00 00 00|"; depth:10; offset:2; content:"|02|ru"; fast_pattern; pcre:"/[\x02-\x1E][0-9]{2,30}\x02ru/i"; distance:0; nocase; classtype:misc-activity; sid:2012328; rev:1;)

Added 2011-02-21 16:59:46 UTC


Topic revision: r1 - 2012-03-15 - TWikiGuest
 
This site is powered by the TWiki collaboration platform Powered by Perl This site is powered by the TWiki collaboration platformCopyright © Emerging Threats