#alert udp $HOME_NET any -> any 53 (msg:"ET DELETED DNS query for known Anunak APT Domain (ddnservice11.ru)"; content:"|01 00 00 01 00 00 00 00 00 00|"; depth:10; offset:2; content:"|0c|ddnservice11|02|ru|00|"; nocase; distance:0; fast_pattern; reference:url,fox-it.com/en/files/2014/12/Anunak_APT-against-financial-institutions2.pdf; classtype:trojan-activity; sid:2020073; rev:1; metadata:created_at 2014_12_29, updated_at 2014_12_29;)

Added 2019-03-26 18:09:15 UTC


#alert udp $HOME_NET any -> any 53 (msg:"ET DELETED DNS query for known Anunak APT Domain (ddnservice11.ru)"; content:"|01 00 00 01 00 00 00 00 00 00|"; depth:10; offset:2; content:"|0c|ddnservice11|02|ru|00|"; nocase; distance:0; fast_pattern; reference:url,fox-it.com/en/files/2014/12/Anunak_APT-against-financial-institutions2.pdf; classtype:trojan-activity; sid:2020073; rev:1; metadata:created_at 2015_12_29, updated_at 2015_12_29;)

Added 2018-09-13 19:50:14 UTC


Added 2018-09-13 17:59:31 UTC


#alert udp $HOME_NET any -> any 53 (msg:"ET DELETED DNS query for known Anunak APT Domain (ddnservice11.ru)"; content:"|01 00 00 01 00 00 00 00 00 00|"; depth:10; offset:2; content:"|0c|ddnservice11|02|ru|00|"; nocase; distance:0; fast_pattern; reference:url,fox-it.com/en/files/2014/12/Anunak_APT-against-financial-institutions2.pdf; classtype:trojan-activity; sid:2020073; rev:1; metadata:created_at 2015_12_29, updated_at 2015_12_29;)

Added 2017-08-07 21:14:28 UTC


Topic revision: r1 - 2019-03-26 - TWikiGuest
 
This site is powered by the TWiki collaboration platform Powered by Perl This site is powered by the TWiki collaboration platformCopyright © Emerging Threats