# sid 2019628, rev 5. Alerts on server-to-client TLS data (flow:established,to_client)
# sent from port 443 of the listed addresses to a $HOME_NET host when it contains the
# byte 0x06 followed by "lolcat"; per the msg this is the certificate served by a
# sinkhole (the "?" in the msg marks the AnubisNetworks attribution as unconfirmed).
# Triage: the alert's source is the sinkhole address and its destination is the
# $HOME_NET client of the TLS session, so the destination is the host to examine.
# The rule does not fire on flows where the ET.invalid.cab flowbit is set.
# Versus the rev 4 entries below: `fast_pattern` replaces `fast_pattern:only` and
# updated_at moves to 2019_10_07; the header and the content match are unchanged.
# NOTE(review): the source addresses are hard-coded, so coverage depends on the
# sinkhole still answering from them. Confirm before relying on this rule.
alert tls [195.22.26.192/26,195.22.28.192/27,195.38.137.100,195.22.4.21,195.157.15.100,212.61.180.100] 443 -> $HOME_NET any (msg:"ET TROJAN AnubisNetworks? Sinkhole SSL Cert lolcat - specific IPs"; flow:established,to_client; content:"|06|lolcat"; fast_pattern; flowbits:isnotset,ET.invalid.cab; metadata: former_category TROJAN; classtype:trojan-activity; sid:2019628; rev:5; metadata:attack_target Client_Endpoint, deployment Perimeter, tag SSL_Malicious_Cert, signature_severity Major, created_at 2014_11_03, updated_at 2019_10_07;)

Added 2019-10-08 19:34:14 UTC


# sid 2019628, rev 4, as published 2017-08-07 with the full metadata block
# (attack_target, deployment, tag, signature_severity, created_at, updated_at).
# Header, flow, content and flowbits options are the same as in the other rev 4
# entries on this page; only the metadata options differ, and metadata is
# informational and does not take part in matching.
# Four entries on this page carry rev:4 with differing text, so the rev number alone
# does not identify which text a sensor has loaded; compare the full rule.
alert tls [195.22.26.192/26,195.22.28.192/27,195.38.137.100,195.22.4.21,195.157.15.100,212.61.180.100] 443 -> $HOME_NET any (msg:"ET TROJAN AnubisNetworks? Sinkhole SSL Cert lolcat - specific IPs"; flow:established,to_client; content:"|06|lolcat"; fast_pattern:only; flowbits:isnotset,ET.invalid.cab; metadata: former_category TROJAN; classtype:trojan-activity; sid:2019628; rev:4; metadata:attack_target Client_Endpoint, deployment Perimeter, tag SSL_Malicious_Cert, signature_severity Major, created_at 2014_11_03, updated_at 2017_03_06;)

Added 2017-08-07 21:13:55 UTC


# sid 2019628, rev 4, as published 2017-05-05. Identical to the 2017-05-03 entry
# below except that the `metadata: former_category TROJAN` option is absent.
# The address list, flow direction, content match and flowbits check are unchanged,
# so detection behaviour is the same; rev was not incremented for this edit.
alert tls [195.22.26.192/26,195.22.28.192/27,195.38.137.100,195.22.4.21,195.157.15.100,212.61.180.100] 443 -> $HOME_NET any (msg:"ET TROJAN AnubisNetworks? Sinkhole SSL Cert lolcat - specific IPs"; flow:established,to_client; content:"|06|lolcat"; fast_pattern:only; flowbits:isnotset,ET.invalid.cab; classtype:trojan-activity; sid:2019628; rev:4;)

Added 2017-05-05 16:58:53 UTC


# sid 2019628, rev 4, as published 2017-05-03. Adds `metadata: former_category TROJAN`
# to the 2017-03-06 text below; nothing else changes and rev stays at 4.
# The metadata keyword carries informational tags only, so the traffic this rule
# matches is the same as for the 2017-03-06 entry.
alert tls [195.22.26.192/26,195.22.28.192/27,195.38.137.100,195.22.4.21,195.157.15.100,212.61.180.100] 443 -> $HOME_NET any (msg:"ET TROJAN AnubisNetworks? Sinkhole SSL Cert lolcat - specific IPs"; flow:established,to_client; content:"|06|lolcat"; fast_pattern:only; flowbits:isnotset,ET.invalid.cab; metadata: former_category TROJAN; classtype:trojan-activity; sid:2019628; rev:4;)

Added 2017-05-03 17:35:16 UTC


# sid 2019628, rev 4, first entry with the address list (published 2017-03-06).
# The source changes from the single range 195.22.26.192/26 used in rev 3 to a list
# of six addresses and ranges, and the msg suffix becomes "specific IPs".
# The flow, content, fast_pattern and flowbits options are the same as in rev 3, so
# the change widens where the certificate is looked for, not what is looked for.
alert tls [195.22.26.192/26,195.22.28.192/27,195.38.137.100,195.22.4.21,195.157.15.100,212.61.180.100] 443 -> $HOME_NET any (msg:"ET TROJAN AnubisNetworks? Sinkhole SSL Cert lolcat - specific IPs"; flow:established,to_client; content:"|06|lolcat"; fast_pattern:only; flowbits:isnotset,ET.invalid.cab; classtype:trojan-activity; sid:2019628; rev:4;)

Added 2017-03-06 17:33:43 UTC


# sid 2019628, rev 3 (published 2015-04-10). Adds `flowbits:isnotset,ET.invalid.cab`
# to the rev 2 text, so the rule no longer fires on flows where that flowbit is set.
# NOTE(review): the rule that sets ET.invalid.cab is not shown on this page;
# presumably this check suppresses a known false positive. Confirm against the
# ruleset, and make sure the setting rule is enabled wherever this rule is deployed.
alert tls 195.22.26.192/26 443 -> $HOME_NET any (msg:"ET TROJAN AnubisNetworks? Sinkhole SSL Cert lolcat - 195.22.26.192/26"; flow:established,to_client; content:"|06|lolcat"; fast_pattern:only; flowbits:isnotset,ET.invalid.cab; classtype:trojan-activity; sid:2019628; rev:3;)

Added 2015-04-10 20:40:05 UTC


# sid 2019628, rev 2, the earliest entry on this page (published 2014-11-03).
# Source is the single range 195.22.26.192/26 on port 443; there is no flowbits
# condition, so every established server-to-client TLS flow from that range to
# $HOME_NET containing 0x06 followed by "lolcat" raises the alert.
# NOTE(review): 0x06 is presumably the length byte that precedes the six-character
# string "lolcat" in the certificate encoding. Confirm against a captured handshake.
alert tls 195.22.26.192/26 443 -> $HOME_NET any (msg:"ET TROJAN AnubisNetworks? Sinkhole SSL Cert lolcat - 195.22.26.192/26"; flow:established,to_client; content:"|06|lolcat"; fast_pattern:only; classtype:trojan-activity; sid:2019628; rev:2;)

Added 2014-11-03 22:29:19 UTC

