# Retired revision of sid 2021657: the rule line is commented out, so a sensor loading this revision raises no alert for the domain.
# The msg prefix is "ET DELETED" and former_category records the earlier TROJAN category.
# Match logic, kept for reference: payload bytes 2-11 must be a DNS header with flags 0x0100 (standard query, RD set), QDCOUNT=1 and ANCOUNT/NSCOUNT/ARCOUNT=0.
# The wire-format QNAME labels "dive-extreme" + "com" must then appear after that header, matched case-insensitively.
#alert udp $HOME_NET any -> any 53 (msg:"ET DELETED APT Cheshire Cat DNS Lookup (dive-extreme.com)"; content:"|01 00 00 01 00 00 00 00 00 00|"; depth:10; offset:2; content:"|0c|dive-extreme|03|com|00|"; nocase; distance:0; fast_pattern; metadata: former_category TROJAN; reference:url,kernelmode.info/forum/viewtopic.php?f=16&t=3981; classtype:trojan-activity; sid:2021657; rev:1; metadata:created_at 2015_08_18, updated_at 2018_01_10;)

Added 2018-01-10 16:35:27 UTC


# Alerts on a UDP DNS query for dive-extreme.com sent from $HOME_NET to any host on port 53.
# offset:2/depth:10 pin the first content to header bytes 2-11: flags 0x0100 (standard query, recursion desired), QDCOUNT=1, ANCOUNT=NSCOUNT=ARCOUNT=0.
# The second content is the wire-format QNAME (length-prefixed labels plus the root terminator). distance:0 with no within lets it sit anywhere after the header bytes, so subdomains of dive-extreme.com also match.
# NOTE(review): a query carrying an EDNS0 OPT record has ARCOUNT=1 and will not satisfy the header content, and DNS over TCP is outside this udp rule. Verify coverage against the resolvers in use.
# This revision carries created_at/updated_at metadata, both 2015_08_18.
alert udp $HOME_NET any -> any 53 (msg:"ET TROJAN APT Cheshire Cat DNS Lookup (dive-extreme.com)"; content:"|01 00 00 01 00 00 00 00 00 00|"; depth:10; offset:2; content:"|0c|dive-extreme|03|com|00|"; nocase; distance:0; fast_pattern; reference:url,kernelmode.info/forum/viewtopic.php?f=16&t=3981; classtype:trojan-activity; sid:2021657; rev:1; metadata:created_at 2015_08_18, updated_at 2015_08_18;)

Added 2017-08-07 21:16:22 UTC


# Detects a DNS lookup of dive-extreme.com over UDP/53 originating in $HOME_NET. This revision has no metadata keyword.
# First content: 10 header bytes at offset 2 (flags 0x0100, one question, zero answer/authority/additional records), which restricts the rule to plain standard queries.
# Second content: the QNAME labels |0c|dive-extreme|03|com|00|. nocase keeps the match valid when the query name arrives in mixed case, and fast_pattern selects this string for the prefilter.
# NOTE(review): the direction is "-> any 53", so queries to internal resolvers alert as well as queries leaving the network. Expect the alert to fire on the client-to-resolver hop if the sensor sees it.
alert udp $HOME_NET any -> any 53 (msg:"ET TROJAN APT Cheshire Cat DNS Lookup (dive-extreme.com)"; content:"|01 00 00 01 00 00 00 00 00 00|"; depth:10; offset:2; content:"|0c|dive-extreme|03|com|00|"; nocase; distance:0; fast_pattern; reference:url,kernelmode.info/forum/viewtopic.php?f=16&t=3981; classtype:trojan-activity; sid:2021657; rev:1;)

Added 2015-08-18 19:40:26 UTC


# DNS-query signature for dive-extreme.com (sid 2021657, rev 1), classed as trojan-activity. Source is $HOME_NET, destination is any address on UDP port 53.
# The header content (offset 2, depth 10) requires flags 0x0100 with QDCOUNT=1 and all other section counts 0. Responses and queries with extra records do not match.
# The domain content is relative to the header match (distance:0) and case-insensitive. It is anchored by the leading length byte 0x0c and the trailing root byte 0x00, so it matches the domain and its subdomains but not look-alike names.
# A hit shows only that a host asked for the name; triage should identify the querying client, since a forwarding resolver may appear as the source.
alert udp $HOME_NET any -> any 53 (msg:"ET TROJAN APT Cheshire Cat DNS Lookup (dive-extreme.com)"; content:"|01 00 00 01 00 00 00 00 00 00|"; depth:10; offset:2; content:"|0c|dive-extreme|03|com|00|"; nocase; distance:0; fast_pattern; reference:url,kernelmode.info/forum/viewtopic.php?f=16&t=3981; classtype:trojan-activity; sid:2021657; rev:1;)

Added 2015-08-18 19:30:35 UTC


# Raises "ET TROJAN APT Cheshire Cat DNS Lookup" when a host in $HOME_NET sends a UDP/53 query for dive-extreme.com.
# Content 1 (offset:2, depth:10) is the DNS header after the transaction ID: flags 0x0100, QDCOUNT=1, ANCOUNT/NSCOUNT/ARCOUNT=0.
# Content 2 is the encoded question name "dive-extreme.com", searched after content 1 (distance:0), case-insensitive, and used as the fast_pattern.
# NOTE(review): detection relies on cleartext DNS over UDP. Lookups made via TCP or an encrypted DNS transport are not visible to this rule; confirm other telemetry covers them.
alert udp $HOME_NET any -> any 53 (msg:"ET TROJAN APT Cheshire Cat DNS Lookup (dive-extreme.com)"; content:"|01 00 00 01 00 00 00 00 00 00|"; depth:10; offset:2; content:"|0c|dive-extreme|03|com|00|"; nocase; distance:0; fast_pattern; reference:url,kernelmode.info/forum/viewtopic.php?f=16&t=3981; classtype:trojan-activity; sid:2021657; rev:1;)

Added 2015-08-18 19:18:38 UTC


Topic revision: r1 - 2018-01-10 - TWikiGuest
 