alert http any any -> $HOME_NET any (msg:"ET EXPLOIT ARG-W4 ASDL Router DNS Changer Exploit Attempt"; flow:established,to_server; content:"/form2dns.cgi?dnsmode=1&dns1="; http_uri; nocase; content:"&dns2="; http_uri; distance:0; content:"&dns3="; distance:0; http_uri; content:"&submit.htm?dns.htm=send&save="; http_uri; fast_pattern; nocase; distance:0; reference:url,csirt.bank.gov.ua/en/news/44; classtype:attempted-admin; sid:2027907; rev:2; metadata:attack_target Networking_Equipment, created_at 2019_08_23, deployment Perimeter, former_category EXPLOIT, performance_impact Moderate, signature_severity Major, updated_at 2021_03_04;)

Added 2021-03-04 20:25:37 UTC


alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET EXPLOIT ARG-W4 ASDL Router DNS Changer Exploit Attempt"; flow:established,to_server; content:"/form2dns.cgi?dnsmode=1&dns1="; http_uri; content:"&dns2="; http_uri; distance:0; content:"&dns3="; distance:0; http_uri; content:"&submit.htm?dns.htm=send&save=apply"; http_uri; fast_pattern; isdataat:!1,relative; distance:0; reference:url,csirt.bank.gov.ua/en/news/44; classtype:attempted-admin; sid:2027907; rev:1; metadata:attack_target Networking_Equipment, created_at 2019_08_23, deployment Perimeter, former_category EXPLOIT, performance_impact Moderate, signature_severity Major, updated_at 2020_09_17;)

Added 2020-09-17 18:29:50 UTC


alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET EXPLOIT ARG-W4 ASDL Router DNS Changer Exploit Attempt"; flow:established,to_server; content:"/form2dns.cgi?dnsmode=1&dns1="; http_uri; content:"&dns2="; http_uri; distance:0; content:"&dns3="; distance:0; http_uri; content:"&submit.htm?dns.htm=send&save=apply"; http_uri; fast_pattern; isdataat:!1,relative; distance:0; reference:url,csirt.bank.gov.ua/en/news/44; classtype:attempted-admin; sid:2027907; rev:1; metadata:attack_target Networking_Equipment, created_at 2019_08_23, deployment Perimeter, former_category EXPLOIT, performance_impact Moderate, signature_severity Major, updated_at 2019_09_28;)

Added 2020-08-05 19:16:47 UTC


alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET EXPLOIT ARG-W4 ASDL Router DNS Changer Exploit Attempt"; flow:established,to_server; content:"/form2dns.cgi?dnsmode=1&dns1="; http_uri; content:"&dns2="; http_uri; distance:0; content:"&dns3="; distance:0; http_uri; content:"&submit.htm?dns.htm=send&save=apply"; http_uri; fast_pattern; isdataat:!1,relative; distance:0; metadata: former_category EXPLOIT; reference:url,csirt.bank.gov.ua/en/news/44; classtype:attempted-admin; sid:2027907; rev:1; metadata:attack_target Networking_Equipment, deployment Perimeter, signature_severity Major, created_at 2019_08_23, performance_impact Moderate, updated_at 2019_09_28;)

Added 2019-10-01 08:29:57 UTC


alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET EXPLOIT ARG-W4 ASDL Router DNS Changer Exploit Attempt"; flow:established,to_server; content:"/form2dns.cgi?dnsmode=1&dns1="; http_uri; content:"&dns2="; http_uri; distance:0; content:"&dns3="; distance:0; http_uri; content:"&submit.htm?dns.htm=send&save=apply"; http_uri; fast_pattern; isdataat:!1,relative; distance:0; metadata: former_category EXPLOIT; reference:url,csirt.bank.gov.ua/en/news/44; classtype:attempted-admin; sid:2027907; rev:1; metadata:attack_target Networking_Equipment, deployment Perimeter, signature_severity Major, created_at 2019_08_23, performance_impact Moderate, updated_at 2019_09_28;)

Added 2019-10-01 04:24:20 UTC


alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET EXPLOIT ARG-W4 ASDL Router DNS Changer Exploit Attempt"; flow:established,to_server; content:"/form2dns.cgi?dnsmode=1&dns1="; http_uri; content:"&dns2="; http_uri; distance:0; content:"&dns3="; distance:0; http_uri; content:"&submit.htm?dns.htm=send&save=apply"; http_uri; fast_pattern; isdataat:!1,relative; distance:0; metadata: former_category EXPLOIT; reference:url,csirt.bank.gov.ua/en/news/44; classtype:attempted-admin; sid:2027907; rev:1; metadata:attack_target Networking_Equipment, deployment Perimeter, signature_severity Major, created_at 2019_08_23, performance_impact Moderate, updated_at 2019_08_23;)

Added 2019-08-23 18:43:29 UTC


Topic revision: r1 - 2021-03-05 - TWikiGuest
 
This site is powered by the TWiki collaboration platform Powered by Perl This site is powered by the TWiki collaboration platformCopyright © Emerging Threats