# sid 2012738, rev 6: alerts on a UDP DNS query for a name containing the labels "8866.org".
# First content (offset 2, depth 10) pins payload bytes 2-11, i.e. the DNS header after the
# transaction ID: flags 0x0100 (standard query, RD set), QDCOUNT=1, ANCOUNT=NSCOUNT=ARCOUNT=0.
# Second content is the wire-format name: length byte 4 + "8866", length byte 3 + "org";
# nocase covers mixed-case queries, fast_pattern makes it the prefilter string.
# Coverage limits to keep in mind when relying on this signature:
#  - a query carrying an EDNS0 OPT record has ARCOUNT=1, and one with the AD bit set has
#    flags 0x0120; neither matches the fixed header bytes.
#  - only UDP to destination port 53 is inspected (no DNS over TCP, DoT or DoH).
#  - there is no trailing |00| and no "within", so the labels match anywhere after the header,
#    including names that merely contain "8866.org" followed by further labels.
# classtype is misc-activity and the msg category is ET INFO: a hit shows use of a dynamic DNS
# zone, not compromise by itself.
alert udp $HOME_NET any -> $EXTERNAL_NET 53 (msg:"ET INFO DYNAMIC_DNS Query to 3322.net Domain *.8866.org"; content:"|01 00 00 01 00 00 00 00 00 00|"; depth:10; offset:2; content:"|04|8866|03|org"; fast_pattern; distance:0; nocase; reference:url,isc.sans.edu/diary.html?storyid=6739; reference:url,google.com/safebrowsing/diagnostic?site=8866.org/; reference:url,www.mywot.com/en/scorecard/8866.org; classtype:misc-activity; sid:2012738; rev:6;)

Added 2012-05-25 17:28:09 UTC


# sid 2012738 as listed on 2011-10-12, still marked rev:4. Detection logic: DNS header bytes
# 2-11 fixed to a plain recursive query with one question and no other records, followed by
# the length-prefixed labels "8866" and "org" (case-insensitive).
# NOTE(review): this entry carries the same sid and rev as the 2011-05-04 entry on this page;
# the visible difference is keyword order only (classtype now follows the references), so the
# rev number alone does not tell the two apart.
# The msg says "Likely Malware Related" while classtype is misc-activity; alert priority comes
# from the classtype, so triage should not assume a malware-grade severity.
alert udp $HOME_NET any -> $EXTERNAL_NET 53 (msg:"ET POLICY DYNAMIC_DNS Lookup of Chinese Dynamic DNS Provider 8866.org Likely Malware Related"; content:"|01 00 00 01 00 00 00 00 00 00|"; depth:10; offset:2; content:"|04|8866|03|org"; fast_pattern; distance:0; nocase; reference:url,isc.sans.edu/diary.html?storyid=6739; reference:url,google.com/safebrowsing/diagnostic?site=8866.org/; reference:url,www.mywot.com/en/scorecard/8866.org; classtype:misc-activity; sid:2012738; rev:4;)

Added 2011-10-12 19:35:06 UTC


# sid 2012738 rev 4 (2011-05-04): msg tag is "DYNAMIC_DNS"; match logic is the fixed DNS query
# header at payload bytes 2-11 plus the wire-format labels "8866" / "org".
# Direction is $HOME_NET -> $EXTERNAL_NET on UDP/53 only: where clients resolve through an
# internal resolver, the alert source will be the resolver's address, so attributing a hit to
# a workstation needs the resolver's own query logs.
alert udp $HOME_NET any -> $EXTERNAL_NET 53 (msg:"ET POLICY DYNAMIC_DNS Lookup of Chinese Dynamic DNS Provider 8866.org Likely Malware Related"; content:"|01 00 00 01 00 00 00 00 00 00|"; depth:10; offset:2; content:"|04|8866|03|org"; fast_pattern; distance:0; nocase; classtype:misc-activity; reference:url,isc.sans.edu/diary.html?storyid=6739; reference:url,google.com/safebrowsing/diagnostic?site=8866.org/; reference:url,www.mywot.com/en/scorecard/8866.org; sid:2012738; rev:4;)

Added 2011-05-04 15:36:23 UTC


# sid 2012738 rev 3 (2011-05-03): msg carries the tag "DYNDNS"; options are otherwise the
# header match (flags 0x0100, QDCOUNT=1, remaining counts 0) and the "8866.org" label match.
# distance:0 only requires the labels to start at or after the end of the header match, so
# the name is not tied to a fixed position in the question section.
alert udp $HOME_NET any -> $EXTERNAL_NET 53 (msg:"ET POLICY DYNDNS Lookup of Chinese Dynamic DNS Provider 8866.org Likely Malware Related"; content:"|01 00 00 01 00 00 00 00 00 00|"; depth:10; offset:2; content:"|04|8866|03|org"; fast_pattern; distance:0; nocase; classtype:misc-activity; reference:url,isc.sans.edu/diary.html?storyid=6739; reference:url,google.com/safebrowsing/diagnostic?site=8866.org/; reference:url,www.mywot.com/en/scorecard/8866.org; sid:2012738; rev:3;)

Added 2011-05-03 18:07:16 UTC


# sid 2012738 rev 2 (2011-05-02): msg category is ET POLICY; content matches are the fixed
# DNS query header (payload bytes 2-11) and the labels |04|8866|03|org, case-insensitive.
# The length byte 04 before "8866" means a longer label such as "x8866" does not match,
# but any subdomain of 8866.org does, because its last two labels are encoded the same way.
alert udp $HOME_NET any -> $EXTERNAL_NET 53 (msg:"ET POLICY Lookup of Chinese Dynamic DNS Provider 8866.org Likely Malware Related"; content:"|01 00 00 01 00 00 00 00 00 00|"; depth:10; offset:2; content:"|04|8866|03|org"; fast_pattern; distance:0; nocase; classtype:misc-activity; reference:url,isc.sans.edu/diary.html?storyid=6739; reference:url,google.com/safebrowsing/diagnostic?site=8866.org/; reference:url,www.mywot.com/en/scorecard/8866.org; sid:2012738; rev:2;)

Added 2011-05-02 21:04:32 UTC


# sid 2012738 rev 1 (2011-04-28), the first entry on this page: msg category is ET MALWARE,
# yet classtype is misc-activity, so the category label and the classification disagree.
# Match logic: UDP to port 53, DNS header bytes 2-11 equal to a plain recursive query with a
# single question, then the wire-format labels "8866" and "org" (nocase).
# The three reference URLs are reputation and diary pages for the domain, not a specific
# malware family; the rule identifies the dynamic DNS zone only.
alert udp $HOME_NET any -> $EXTERNAL_NET 53 (msg:"ET MALWARE Lookup of Chinese Dynamic DNS Provider 8866.org Likely Malware Related"; content:"|01 00 00 01 00 00 00 00 00 00|"; depth:10; offset:2; content:"|04|8866|03|org"; fast_pattern; distance:0; nocase; classtype:misc-activity; reference:url,isc.sans.edu/diary.html?storyid=6739; reference:url,google.com/safebrowsing/diagnostic?site=8866.org/; reference:url,www.mywot.com/en/scorecard/8866.org; sid:2012738; rev:1;)

Added 2011-04-28 19:56:37 UTC

