# SID 2012650 rev 7 as shipped in the newest snapshot on this page. The leading '#' means the
# rule is disabled and will not alert unless it is re-enabled.
# Purpose: flag outbound HTTP requests whose Host header has no letters before ".cn" and ends
# in a run of at least four digits, e.g. "Host: 12.345678.cn" (constructed sample).
# How it matches:
#   - `alert http ... any` relies on the engine's HTTP protocol detection rather than a port
#     list; the older snapshots of this SID use `tcp` with $HTTP_PORTS instead.
#   - The two content matches are case-sensitive (no `nocase`) and need "Host: " followed by
#     ".cn" + CRLF. ".cn" + CRLF is 5 bytes and must fit inside `within:25`, so at most 20
#     bytes of hostname can precede ".cn"; the {4,30} upper bound in the pcre is never reached.
#   - The pcre runs on the HTTP header buffer (H flag). With /i, `[^a-z]*` rejects letters of
#     either case but allows digits, dots and hyphens ahead of the final digit run.
# Coverage gaps to keep in mind:
#   - A Host value carrying a port ("12345.cn:8080", constructed) is not matched, because
#     ".cn" must be followed directly by CRLF.
#   - NOTE(review): whether a lower-case "host:" header still matches depends on how the
#     engine normalises header names - confirm on the deployed version.
# Triage: classtype is misc-activity and the match is on the shape of the name only, not on a
# known-bad indicator. Corroborate with DNS and proxy logs before treating a hit as malware.
#alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN HTTP Request to a Malware Related Numerical .cn Domain"; flow:established,to_server; content:"Host|3a| "; http_header; content:".cn|0d 0a|"; within:25; http_header; fast_pattern; pcre:"/Host\x3A\x20[^a-z]*[0-9]{4,30}\x2Ecn\x0D\x0A/Hi"; classtype:misc-activity; sid:2012650; rev:7;)

Added 2014-09-12 16:28:32 UTC


# SID 2012650 rev 7, disabled (leading '#'). Detection options are the same as in the newest
# snapshot on this page; only the header (`tcp` with $HTTP_PORTS) and the msg category
# (CURRENT_EVENTS) differ.
# The rev number did not change between those snapshots, so on this page "sid 2012650 rev 7"
# does not identify a single rule text. Compare the full rule when reconciling rulesets.
# Because the destination is limited to $HTTP_PORTS, HTTP on ports outside that variable is
# not inspected by this form of the rule.
# Match logic: a Host header with no letters before ".cn" that ends in 4+ digits. `within:25`
# caps the hostname part before ".cn" at 20 bytes, and a Host value with an explicit port is
# not matched because ".cn" must be followed directly by CRLF.
#alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET CURRENT_EVENTS HTTP Request to a Malware Related Numerical .cn Domain"; flow:established,to_server; content:"Host|3a| "; http_header; content:".cn|0d 0a|"; within:25; http_header; fast_pattern; pcre:"/Host\x3A\x20[^a-z]*[0-9]{4,30}\x2Ecn\x0D\x0A/Hi"; classtype:misc-activity; sid:2012650; rev:7;)

Added 2011-12-01 18:59:14 UTC


# The next three snapshots (added 2011-10-12 and twice on 2011-07-07) are byte-identical:
# SID 2012650 rev 7, disabled, with "Suspicious" in the msg.
# This is the first form on the page whose pcre is tied to the Host header: it starts at
# "Host: ", carries the H flag (HTTP header buffer), and uses `[^a-z]*` with /i so that no
# letter may appear between "Host: " and the final digit run before ".cn".
# The rule is a name-shape heuristic (classtype misc-activity). An alert shows that a client
# requested a numeric .cn host, not that the host is known to be malicious.
#alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET CURRENT_EVENTS HTTP Request to a Suspicious Malware Related Numerical .cn Domain"; flow:established,to_server; content:"Host|3a| "; http_header; content:".cn|0d 0a|"; within:25; http_header; fast_pattern; pcre:"/Host\x3A\x20[^a-z]*[0-9]{4,30}\x2Ecn\x0D\x0A/Hi"; classtype:misc-activity; sid:2012650; rev:7;)

Added 2011-10-12 19:34:52 UTC


#alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET CURRENT_EVENTS HTTP Request to a Suspicious Malware Related Numerical .cn Domain"; flow:established,to_server; content:"Host|3a| "; http_header; content:".cn|0d 0a|"; within:25; http_header; fast_pattern; pcre:"/Host\x3A\x20[^a-z]*[0-9]{4,30}\x2Ecn\x0D\x0A/Hi"; classtype:misc-activity; sid:2012650; rev:7;)

Added 2011-07-07 22:33:28 UTC


#alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET CURRENT_EVENTS HTTP Request to a Suspicious Malware Related Numerical .cn Domain"; flow:established,to_server; content:"Host|3a| "; http_header; content:".cn|0d 0a|"; within:25; http_header; fast_pattern; pcre:"/Host\x3A\x20[^a-z]*[0-9]{4,30}\x2Ecn\x0D\x0A/Hi"; classtype:misc-activity; sid:2012650; rev:7;)

Added 2011-07-07 21:26:59 UTC


# The next five snapshots (added 2011-04-29 through 2011-05-02) are byte-identical:
# SID 2012650 rev 4, disabled (leading '#').
# Known weaknesses of this form compared with rev 7 on this page:
#   - The pcre has no H flag and does not start at "Host: ", so it is not tied to the Host
#     header. The content matches still require a Host value ending in ".cn", but the pcre can
#     be satisfied by any 4+ digits followed by ".cn" + CRLF that it is evaluated against.
#   - Only the characters directly before ".cn" must be digits. A host such as
#     "example1234.cn" (constructed sample) matches although the msg says "All Numerical".
# Expect a higher false-positive rate from this revision when reading historical alerts.
#alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET CURRENT_EVENTS All Numerical .cn Domain HTTP Request Likely Malware Related"; flow:established,to_server; content:"Host|3a| "; http_header; content:".cn|0d 0a|"; within:25; http_header; fast_pattern; pcre:"/[0-9]{4,30}\.cn\x0d\x0a/i"; classtype:misc-activity; sid:2012650; rev:4;)

Added 2011-05-02 14:42:51 UTC


#alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET CURRENT_EVENTS All Numerical .cn Domain HTTP Request Likely Malware Related"; flow:established,to_server; content:"Host|3a| "; http_header; content:".cn|0d 0a|"; within:25; http_header; fast_pattern; pcre:"/[0-9]{4,30}\.cn\x0d\x0a/i"; classtype:misc-activity; sid:2012650; rev:4;)

Added 2011-05-02 14:23:36 UTC


#alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET CURRENT_EVENTS All Numerical .cn Domain HTTP Request Likely Malware Related"; flow:established,to_server; content:"Host|3a| "; http_header; content:".cn|0d 0a|"; within:25; http_header; fast_pattern; pcre:"/[0-9]{4,30}\.cn\x0d\x0a/i"; classtype:misc-activity; sid:2012650; rev:4;)

Added 2011-05-02 14:04:14 UTC


#alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET CURRENT_EVENTS All Numerical .cn Domain HTTP Request Likely Malware Related"; flow:established,to_server; content:"Host|3a| "; http_header; content:".cn|0d 0a|"; within:25; http_header; fast_pattern; pcre:"/[0-9]{4,30}\.cn\x0d\x0a/i"; classtype:misc-activity; sid:2012650; rev:4;)

Added 2011-05-01 20:54:00 UTC


#alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET CURRENT_EVENTS All Numerical .cn Domain HTTP Request Likely Malware Related"; flow:established,to_server; content:"Host|3a| "; http_header; content:".cn|0d 0a|"; within:25; http_header; fast_pattern; pcre:"/[0-9]{4,30}\.cn\x0d\x0a/i"; classtype:misc-activity; sid:2012650; rev:4;)

Added 2011-04-29 17:39:43 UTC


# SID 2012650 rev 3, the oldest snapshot on this page and the only one shown enabled (no
# leading '#').
# It is also the loosest form: the pcre needs only two digits directly before ".cn" + CRLF.
# It has no H flag and no "Host: " anchor, so it is not tied to the Host header, and it does
# not exclude letters earlier in the name. A host such as "shop12.cn" (constructed sample)
# would match despite the "All Numerical" wording in the msg.
# Later snapshots on this page raise the minimum to four digits (rev 4) and then tie the
# pattern to a letter-free Host value (rev 7). Prefer the newest revision over this one if
# the signature is to be deployed.
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET MALWARE All Numerical .cn Domain HTTP Request Likely Malware Related"; flow:established,to_server; content:"Host|3a| "; http_header; content:".cn|0d 0a|"; within:25; http_header; fast_pattern; pcre:"/[0-9]{2,30}\.cn\x0d\x0a/i"; classtype:misc-activity; sid:2012650; rev:3;)

Added 2011-04-08 18:04:15 UTC


Topic revision: r1 - 2014-09-12 - TWikiGuest
 