#alert udp $HOME_NET any -> any 53 (msg:"ET DELETED APT Cheshire Cat DNS Lookup (groupbungee-br.com)"; content:"|01 00 00 01 00 00 00 00 00 00|"; depth:10; offset:2; content:"|0e|groupbungee-br|03|com|00|"; nocase; distance:0; fast_pattern; metadata: former_category TROJAN; reference:url,kernelmode.info/forum/viewtopic.php?f=16&t=3981; classtype:trojan-activity; sid:2021664; rev:1; metadata:created_at 2015_08_18, updated_at 2018_01_10;)

Added 2018-09-13 19:51:37 UTC


Added 2018-09-13 18:00:19 UTC


#alert udp $HOME_NET any -> any 53 (msg:"ET DELETED APT Cheshire Cat DNS Lookup (groupbungee-br.com)"; content:"|01 00 00 01 00 00 00 00 00 00|"; depth:10; offset:2; content:"|0e|groupbungee-br|03|com|00|"; nocase; distance:0; fast_pattern; metadata: former_category TROJAN; reference:url,kernelmode.info/forum/viewtopic.php?f=16&t=3981; classtype:trojan-activity; sid:2021664; rev:1; metadata:created_at 2015_08_18, updated_at 2018_01_10;)

Added 2018-01-10 16:35:27 UTC


alert udp $HOME_NET any -> any 53 (msg:"ET TROJAN APT Cheshire Cat DNS Lookup (groupbungee-br.com)"; content:"|01 00 00 01 00 00 00 00 00 00|"; depth:10; offset:2; content:"|0e|groupbungee-br|03|com|00|"; nocase; distance:0; fast_pattern; reference:url,kernelmode.info/forum/viewtopic.php?f=16&t=3981; classtype:trojan-activity; sid:2021664; rev:1; metadata:created_at 2015_08_18, updated_at 2015_08_18;)

Added 2017-08-07 21:16:22 UTC


alert udp $HOME_NET any -> any 53 (msg:"ET TROJAN APT Cheshire Cat DNS Lookup (groupbungee-br.com)"; content:"|01 00 00 01 00 00 00 00 00 00|"; depth:10; offset:2; content:"|0e|groupbungee-br|03|com|00|"; nocase; distance:0; fast_pattern; reference:url,kernelmode.info/forum/viewtopic.php?f=16&t=3981; classtype:trojan-activity; sid:2021664; rev:1;)

Added 2015-08-18 19:40:27 UTC


alert udp $HOME_NET any -> any 53 (msg:"ET TROJAN APT Cheshire Cat DNS Lookup (groupbungee-br.com)"; content:"|01 00 00 01 00 00 00 00 00 00|"; depth:10; offset:2; content:"|0e|groupbungee-br|03|com|00|"; nocase; distance:0; fast_pattern; reference:url,kernelmode.info/forum/viewtopic.php?f=16&t=3981; classtype:trojan-activity; sid:2021664; rev:1;)

Added 2015-08-18 19:30:35 UTC


alert udp $HOME_NET any -> any 53 (msg:"ET TROJAN APT Cheshire Cat DNS Lookup (groupbungee-br.com)"; content:"|01 00 00 01 00 00 00 00 00 00|"; depth:10; offset:2; content:"|0e|groupbungee-br|03|com|00|"; nocase; distance:0; fast_pattern; reference:url,kernelmode.info/forum/viewtopic.php?f=16&t=3981; classtype:trojan-activity; sid:2021664; rev:1;)

Added 2015-08-18 19:18:39 UTC


Topic revision: r1 - 2018-09-13 - TWikiGuest
 
This site is powered by the TWiki collaboration platform Powered by Perl This site is powered by the TWiki collaboration platformCopyright © Emerging Threats