2021651 < Main < EmergingThreats

EmergingThreats>

Main Web>2021651 (2022-05-19, TWikiGuest)

#alert udp $HOME_NET any -> any 53 (msg:"ET DELETED APT Cheshire Cat DNS Lookup (raftingholiday.com)"; content:"|01 00 00 01 00 00 00 00 00 00|"; depth:10; offset:2; content:"|0e|raftingholiday|03|com|00|"; nocase; distance:0; fast_pattern; reference:url,kernelmode.info/forum/viewtopic.php?f=16&t=3981; classtype:trojan-activity; sid:2021651; rev:2; metadata:created_at 2015_08_18, former_category TROJAN, updated_at 2018_01_10;)

Added 2022-05-19 19:06:36 UTC

#alert udp $HOME_NET any -> any 53 (msg:"ET DELETED APT Cheshire Cat DNS Lookup (raftingholiday.com)"; content:"|01 00 00 01 00 00 00 00 00 00|"; depth:10; offset:2; content:"|0e|raftingholiday|03|com|00|"; nocase; distance:0; fast_pattern; reference:url,kernelmode.info/forum/viewtopic.php?f=16&t=3981; classtype:trojan-activity; sid:2021651; rev:1; metadata:created_at 2015_08_18, former_category TROJAN, updated_at 2018_01_10;)

Added 2020-08-05 19:11:33 UTC

#alert udp $HOME_NET any -> any 53 (msg:"ET DELETED APT Cheshire Cat DNS Lookup (raftingholiday.com)"; content:"|01 00 00 01 00 00 00 00 00 00|"; depth:10; offset:2; content:"|0e|raftingholiday|03|com|00|"; nocase; distance:0; fast_pattern; metadata: former_category TROJAN; reference:url,kernelmode.info/forum/viewtopic.php?f=16&t=3981; classtype:trojan-activity; sid:2021651; rev:1; metadata:created_at 2015_08_18, updated_at 2018_01_10;)

Added 2018-09-13 19:51:36 UTC

Added 2018-09-13 18:00:18 UTC

#alert udp $HOME_NET any -> any 53 (msg:"ET DELETED APT Cheshire Cat DNS Lookup (raftingholiday.com)"; content:"|01 00 00 01 00 00 00 00 00 00|"; depth:10; offset:2; content:"|0e|raftingholiday|03|com|00|"; nocase; distance:0; fast_pattern; metadata: former_category TROJAN; reference:url,kernelmode.info/forum/viewtopic.php?f=16&t=3981; classtype:trojan-activity; sid:2021651; rev:1; metadata:created_at 2015_08_18, updated_at 2018_01_10;)

Added 2018-01-10 16:35:27 UTC

alert udp $HOME_NET any -> any 53 (msg:"ET TROJAN APT Cheshire Cat DNS Lookup (raftingholiday.com)"; content:"|01 00 00 01 00 00 00 00 00 00|"; depth:10; offset:2; content:"|0e|raftingholiday|03|com|00|"; nocase; distance:0; fast_pattern; reference:url,kernelmode.info/forum/viewtopic.php?f=16&t=3981; classtype:trojan-activity; sid:2021651; rev:1; metadata:created_at 2015_08_18, updated_at 2015_08_18;)

Added 2017-08-07 21:16:21 UTC

alert udp $HOME_NET any -> any 53 (msg:"ET TROJAN APT Cheshire Cat DNS Lookup (raftingholiday.com)"; content:"|01 00 00 01 00 00 00 00 00 00|"; depth:10; offset:2; content:"|0e|raftingholiday|03|com|00|"; nocase; distance:0; fast_pattern; reference:url,kernelmode.info/forum/viewtopic.php?f=16&t=3981; classtype:trojan-activity; sid:2021651; rev:1;)

Added 2015-08-18 19:40:26 UTC

alert udp $HOME_NET any -> any 53 (msg:"ET TROJAN APT Cheshire Cat DNS Lookup (raftingholiday.com)"; content:"|01 00 00 01 00 00 00 00 00 00|"; depth:10; offset:2; content:"|0e|raftingholiday|03|com|00|"; nocase; distance:0; fast_pattern; reference:url,kernelmode.info/forum/viewtopic.php?f=16&t=3981; classtype:trojan-activity; sid:2021651; rev:1;)

Added 2015-08-18 19:30:34 UTC

alert udp $HOME_NET any -> any 53 (msg:"ET TROJAN APT Cheshire Cat DNS Lookup (raftingholiday.com)"; content:"|01 00 00 01 00 00 00 00 00 00|"; depth:10; offset:2; content:"|0e|raftingholiday|03|com|00|"; nocase; distance:0; fast_pattern; reference:url,kernelmode.info/forum/viewtopic.php?f=16&t=3981; classtype:trojan-activity; sid:2021651; rev:1;)

Added 2015-08-18 19:18:38 UTC

Edit | Attach | Print version | History: r1 | Backlinks | Raw View | WYSIWYG | More topic actions

Topic revision: r1 - 2022-05-19 - TWikiGuest

Main

Log In

User Reference
ATasteOfTWiki
TextFormattingRules

Signature Reference
WebRss Feed
EmergingFAQ

Copyright © Emerging Threats