alert dns $HOME_NET any -> any any (msg:"ET TROJAN OSX/Keydnap DNS Query to CnC?"; dns_query; content:"g5wcesdfjzne7255.onion.to"; depth:25; nocase; isdataat:!1,relative; fast_pattern; reference:url,welivesecurity.com/2016/07/06/new-osxkeydnap-malware-hungry-credentials; classtype:trojan-activity; sid:2022950; rev:3; metadata:affected_product Mac_OSX, attack_target Client_Endpoint, deployment Perimeter, tag TROJAN_OSX_Keydnap, signature_severity Major, created_at 2016_07_06, performance_impact Low, updated_at 2019_09_03;)

Added 2019-09-03 18:12:04 UTC


alert udp $HOME_NET any -> any 53 (msg:"ET TROJAN OSX/Keydnap DNS Query to CnC?"; content:"|01|"; offset:2; depth:1; content:"|00 01 00 00 00 00 00|"; distance:1; within:7; content:"|10|g5wcesdfjzne7255|05|onion|02|to|00|"; nocase; distance:0; fast_pattern; reference:url,welivesecurity.com/2016/07/06/new-osxkeydnap-malware-hungry-credentials; classtype:trojan-activity; sid:2022950; rev:2; metadata:affected_product Mac_OSX, attack_target Client_Endpoint, deployment Perimeter, tag TROJAN_OSX_Keydnap, signature_severity Major, created_at 2016_07_06, performance_impact Low, updated_at 2019_08_30;)

Added 2019-08-30 19:36:50 UTC


alert udp $HOME_NET any -> any 53 (msg:"ET TROJAN OSX/Keydnap DNS Query to CnC?"; content:"|01|"; offset:2; depth:1; content:"|00 01 00 00 00 00 00|"; distance:1; within:7; content:"|10|g5wcesdfjzne7255|05|onion|02|to|00|"; nocase; distance:0; fast_pattern; reference:url,welivesecurity.com/2016/07/06/new-osxkeydnap-malware-hungry-credentials; classtype:trojan-activity; sid:2022950; rev:2; metadata:affected_product Mac_OSX, attack_target Client_Endpoint, deployment Perimeter, tag TROJAN_OSX_Keydnap, signature_severity Major, created_at 2016_07_06, performance_impact Low, updated_at 2019_08_29;)

Added 2019-08-29 17:59:54 UTC


alert udp $HOME_NET any -> any 53 (msg:"ET TROJAN OSX/Keydnap DNS Query to CnC?"; content:"|01|"; offset:2; depth:1; content:"|00 01 00 00 00 00 00|"; distance:1; within:7; content:"|10|g5wcesdfjzne7255|05|onion|02|to|00|"; nocase; distance:0; fast_pattern; reference:url,welivesecurity.com/2016/07/06/new-osxkeydnap-malware-hungry-credentials; classtype:trojan-activity; sid:2022950; rev:2; metadata:affected_product Mac_OSX, attack_target Client_Endpoint, deployment Perimeter, tag TROJAN_OSX_Keydnap, signature_severity Major, created_at 2016_07_06, performance_impact Low, updated_at 2019_08_28;)

Added 2019-08-28 19:01:38 UTC


alert udp $HOME_NET any -> any 53 (msg:"ET TROJAN OSX/Keydnap DNS Query to CnC?"; content:"|01 00 00 01 00 00 00 00 00 00|"; depth:10; offset:2; content:"|10|g5wcesdfjzne7255|05|onion|02|to|00|"; nocase; distance:0; fast_pattern; reference:url,welivesecurity.com/2016/07/06/new-osxkeydnap-malware-hungry-credentials; classtype:trojan-activity; sid:2022950; rev:1; metadata:affected_product Mac_OSX, attack_target Client_Endpoint, deployment Perimeter, tag TROJAN_OSX_Keydnap, signature_severity Major, created_at 2016_07_06, performance_impact Low, updated_at 2016_07_07;)

Added 2017-08-07 21:17:58 UTC


alert udp $HOME_NET any -> any 53 (msg:"ET TROJAN OSX/Keydnap DNS Query to CnC?"; content:"|01 00 00 01 00 00 00 00 00 00|"; depth:10; offset:2; content:"|10|g5wcesdfjzne7255|05|onion|02|to|00|"; nocase; distance:0; fast_pattern; reference:url,welivesecurity.com/2016/07/06/new-osxkeydnap-malware-hungry-credentials; classtype:trojan-activity; sid:2022950; rev:1;)

Added 2016-07-06 18:51:41 UTC


alert udp $HOME_NET any -> any 53 (msg:"ET TROJAN OSX/Keydnap DNS Query to CnC?"; content:"|01 00 00 01 00 00 00 00 00 00|"; depth:10; offset:2; content:"|10|g5wcesdfjzne7255|05|onion|02|to|00|"; nocase; distance:0; fast_pattern; reference:url,welivesecurity.com/2016/07/06/new-osxkeydnap-malware-hungry-credentials; classtype:trojan-activity; sid:2022950; rev:1;)

Added 2016-07-06 18:50:33 UTC


alert udp $HOME_NET any -> any 53 (msg:"ET TROJAN OSX/Keydnap DNS Query to CnC?"; content:"|01 00 00 01 00 00 00 00 00 00|"; depth:10; offset:2; content:"|10|g5wcesdfjzne7255|05|onion|02|to|00|"; nocase; distance:0; fast_pattern; reference:url,welivesecurity.com/2016/07/06/new-osxkeydnap-malware-hungry-credentials; classtype:trojan-activity; sid:2022950; rev:1;)

Added 2016-07-06 16:53:52 UTC


alert udp $HOME_NET any -> any 53 (msg:"ET TROJAN OSX/Keydnap DNS Query to CnC?"; content:"|01 00 00 01 00 00 00 00 00 00|"; depth:10; offset:2; content:"|10|g5wcesdfjzne7255|05|onion|02|to|00|"; nocase; distance:0; fast_pattern; reference:url,welivesecurity.com/2016/07/06/new-osxkeydnap-malware-hungry-credentials; classtype:trojan-activity; sid:2022950; rev:1;)

Added 2016-07-06 16:52:35 UTC


Topic revision: r1 - 2019-09-03 - TWikiGuest
 
This site is powered by the TWiki collaboration platform Powered by Perl This site is powered by the TWiki collaboration platformCopyright © Emerging Threats