# sid:2023229 rev:4 - DNS lookup of e5b57288.com from a host in $HTTP_SERVERS.
# The msg ties the domain to an "Anuna" check-in from a compromised PHP site.
# Matching is done on the parsed query name (dns app-layer protocol + dns_query
# buffer), so the destination port is not fixed (any -> any any).
# content + depth:12 + isdataat:!1,relative pins the query name to exactly the
# 12-byte string "e5b57288.com" (nocase). Subdomain lookups such as
# www.e5b57288.com are therefore outside this revision's coverage.
# Coverage notes for deployment:
#  - The source must be in $HTTP_SERVERS as seen by the sensor. If the web
#    server resolves through an internal recursive resolver and the sensor only
#    sees resolver-to-internet traffic, the source is the resolver; confirm
#    sensor placement or correlate with resolver query logs.
#  - Lookups over encrypted DNS transports are presumably not visible to this
#    rule; verify against how the servers actually resolve names.
# Triage: an alert means a web server tried to resolve this domain. Identify the
# querying process or site and review its PHP files (see the reference URLs).
alert dns $HTTP_SERVERS any -> any any (msg:"ET WEB_SERVER DNS Query for Suspicious e5b57288.com Domain - Anuna Checkin - Compromised PHP Site"; dns_query; content:"e5b57288.com"; depth:12; fast_pattern; isdataat:!1,relative; nocase; metadata: former_category WEB_SERVER; reference:url,www.symantec.com/security_response/writeup.jsp?docid=2015-111911-4342-99&tabid=2; reference:url,security.stackexchange.com/questions/47253/hacked-site-encrypted-code; classtype:trojan-activity; sid:2023229; rev:4; metadata:affected_product Apache_HTTP_server, affected_product PHP, attack_target Web_Server, deployment Datacenter, signature_severity Critical, created_at 2016_09_15, updated_at 2019_09_03;)

Added 2019-09-03 18:12:07 UTC


# sid:2023229 rev:3 (updated_at 2019_08_30) - raw payload match on UDP/53 for a
# DNS query naming e5b57288.com, sourced from a host in $HTTP_SERVERS.
# Header checks, read against the 12-byte DNS header layout:
#  - content:"|01|"; offset:2; depth:1  -> first flags byte is 0x01
#    (a standard query with recursion desired).
#  - distance:1 skips the second flags byte, leaving it unconstrained.
#  - the next 7 bytes require QDCOUNT=1, ANCOUNT=0, NSCOUNT=0 and a zero high
#    byte of ARCOUNT; the ARCOUNT low byte is not checked (presumably so that
#    queries carrying one additional record, e.g. EDNS0, still match).
# The name is matched in wire format (length-prefixed labels, case-insensitive)
# anywhere after the header checks, so names ending in e5b57288.com match too.
# Coverage notes: UDP to destination port 53 only, so DNS over TCP or on other
# ports is not inspected. The source must be in $HTTP_SERVERS as seen by the
# sensor; behind an internal resolver, correlate with resolver query logs.
alert udp $HTTP_SERVERS any -> any 53 (msg:"ET WEB_SERVER DNS Query for Suspicious e5b57288.com Domain - Anuna Checkin - Compromised PHP Site"; content:"|01|"; offset:2; depth:1; content:"|00 01 00 00 00 00 00|"; distance:1; within:7; content:"|08|e5b57288|03|com|00|"; fast_pattern; distance:0; nocase; metadata: former_category WEB_SERVER; reference:url,www.symantec.com/security_response/writeup.jsp?docid=2015-111911-4342-99&tabid=2; reference:url,security.stackexchange.com/questions/47253/hacked-site-encrypted-code; classtype:trojan-activity; sid:2023229; rev:3; metadata:affected_product Apache_HTTP_server, affected_product PHP, attack_target Web_Server, deployment Datacenter, signature_severity Critical, created_at 2016_09_15, updated_at 2019_08_30;)

Added 2019-08-30 19:36:53 UTC


# sid:2023229 rev:3 (updated_at 2019_08_29) - UDP/53 payload signature for a DNS
# query containing the wire-format name |08|e5b57288|03|com|00|.
# Flags byte at offset 2 must be 0x01; the following byte is skipped; then
# QDCOUNT=1, ANCOUNT=0, NSCOUNT=0 and a zero ARCOUNT high byte are required.
# The second flags byte and the ARCOUNT low byte are left unconstrained.
# fast_pattern is set on the domain content, which is the most selective string
# in the rule. The header checks only run once that string is present.
# Scope: source in $HTTP_SERVERS, destination port 53, UDP only.
alert udp $HTTP_SERVERS any -> any 53 (msg:"ET WEB_SERVER DNS Query for Suspicious e5b57288.com Domain - Anuna Checkin - Compromised PHP Site"; content:"|01|"; offset:2; depth:1; content:"|00 01 00 00 00 00 00|"; distance:1; within:7; content:"|08|e5b57288|03|com|00|"; fast_pattern; distance:0; nocase; metadata: former_category WEB_SERVER; reference:url,www.symantec.com/security_response/writeup.jsp?docid=2015-111911-4342-99&tabid=2; reference:url,security.stackexchange.com/questions/47253/hacked-site-encrypted-code; classtype:trojan-activity; sid:2023229; rev:3; metadata:affected_product Apache_HTTP_server, affected_product PHP, attack_target Web_Server, deployment Datacenter, signature_severity Critical, created_at 2016_09_15, updated_at 2019_08_29;)

Added 2019-08-29 17:59:57 UTC


# sid:2023229 rev:3 (updated_at 2019_08_28) - alerts when a host in
# $HTTP_SERVERS sends a UDP/53 DNS query whose payload contains the wire-format
# name for e5b57288.com (nocase).
# Header constraints: byte 2 == 0x01, byte 3 unchecked, bytes 4-10 ==
# 00 01 00 00 00 00 00 (one question, no answer or authority records, ARCOUNT
# high byte zero). Byte 11, the ARCOUNT low byte, is not checked.
# classtype is trojan-activity and signature_severity is Critical. A hit should
# be treated as a likely compromise of the querying web server, pending triage.
alert udp $HTTP_SERVERS any -> any 53 (msg:"ET WEB_SERVER DNS Query for Suspicious e5b57288.com Domain - Anuna Checkin - Compromised PHP Site"; content:"|01|"; offset:2; depth:1; content:"|00 01 00 00 00 00 00|"; distance:1; within:7; content:"|08|e5b57288|03|com|00|"; fast_pattern; distance:0; nocase; metadata: former_category WEB_SERVER; reference:url,www.symantec.com/security_response/writeup.jsp?docid=2015-111911-4342-99&tabid=2; reference:url,security.stackexchange.com/questions/47253/hacked-site-encrypted-code; classtype:trojan-activity; sid:2023229; rev:3; metadata:affected_product Apache_HTTP_server, affected_product PHP, attack_target Web_Server, deployment Datacenter, signature_severity Critical, created_at 2016_09_15, updated_at 2019_08_28;)

Added 2019-08-28 19:01:41 UTC


# sid:2023229 rev:2 - UDP/53 payload signature for a DNS query naming
# e5b57288.com from a host in $HTTP_SERVERS.
# content:"|01 00 00 01 00 00 00 00 00 00|"; offset:2; depth:10 fixes header
# bytes 2-11 exactly: flags 0x0100, QDCOUNT=1, ANCOUNT=0, NSCOUNT=0, ARCOUNT=0.
# Coverage gap to be aware of: any query whose flags differ from 0x0100 or whose
# ARCOUNT is non-zero (e.g. a resolver stack that adds an EDNS0 record) does not
# satisfy this header check, so this revision stays silent for it.
# The domain is matched as wire-format labels anywhere after the header.
# Scope: UDP to destination port 53 only.
alert udp $HTTP_SERVERS any -> any 53 (msg:"ET WEB_SERVER DNS Query for Suspicious e5b57288.com Domain - Anuna Checkin - Compromised PHP Site"; content:"|01 00 00 01 00 00 00 00 00 00|"; depth:10; offset:2; content:"|08|e5b57288|03|com|00|"; fast_pattern; distance:0; nocase; metadata: former_category WEB_SERVER; reference:url,www.symantec.com/security_response/writeup.jsp?docid=2015-111911-4342-99&tabid=2; reference:url,security.stackexchange.com/questions/47253/hacked-site-encrypted-code; classtype:trojan-activity; sid:2023229; rev:2; metadata:affected_product Apache_HTTP_server, affected_product PHP, attack_target Web_Server, deployment Datacenter, signature_severity Critical, created_at 2016_09_15, updated_at 2018_03_21;)

Added 2018-09-13 19:52:57 UTC


Added 2018-09-13 18:01:08 UTC


# sid:2023229 rev:2 (updated_at 2018_03_21) - classtype is trojan-activity and
# the rule carries former_category WEB_SERVER metadata.
# Detection logic: header bytes 2-11 must equal 01 00 00 01 00 00 00 00 00 00
# (recursion-desired standard query, one question, all other counts zero),
# followed at any later position by |08|e5b57288|03|com|00| (nocase).
# Because the header match is exact, queries with other flag bits set or with
# an additional record are not covered. Correlate with resolver query logs if
# the servers' resolver stack may send such queries.
alert udp $HTTP_SERVERS any -> any 53 (msg:"ET WEB_SERVER DNS Query for Suspicious e5b57288.com Domain - Anuna Checkin - Compromised PHP Site"; content:"|01 00 00 01 00 00 00 00 00 00|"; depth:10; offset:2; content:"|08|e5b57288|03|com|00|"; fast_pattern; distance:0; nocase; metadata: former_category WEB_SERVER; reference:url,www.symantec.com/security_response/writeup.jsp?docid=2015-111911-4342-99&tabid=2; reference:url,security.stackexchange.com/questions/47253/hacked-site-encrypted-code; classtype:trojan-activity; sid:2023229; rev:2; metadata:affected_product Apache_HTTP_server, affected_product PHP, attack_target Web_Server, deployment Datacenter, signature_severity Critical, created_at 2016_09_15, updated_at 2018_03_21;)

Added 2018-03-21 17:18:16 UTC


# sid:2023229 rev:1 with a metadata block (created_at and updated_at are both
# 2016_09_15).
# classtype is misc-activity here although signature_severity is Critical.
# Alert pipelines that prioritise on classtype would rank this revision lower
# than the metadata severity suggests.
# Detection logic: exact DNS header bytes 2-11 (flags 0x0100, QDCOUNT=1, other
# counts zero), then the wire-format name |08|e5b57288|03|com|00| (nocase)
# anywhere after it, on UDP from $HTTP_SERVERS to destination port 53.
alert udp $HTTP_SERVERS any -> any 53 (msg:"ET WEB_SERVER DNS Query for Suspicious e5b57288.com Domain - Anuna Checkin - Compromised PHP Site"; content:"|01 00 00 01 00 00 00 00 00 00|"; depth:10; offset:2; content:"|08|e5b57288|03|com|00|"; fast_pattern; distance:0; nocase; reference:url,www.symantec.com/security_response/writeup.jsp?docid=2015-111911-4342-99&tabid=2; reference:url,security.stackexchange.com/questions/47253/hacked-site-encrypted-code; classtype:misc-activity; sid:2023229; rev:1; metadata:affected_product Apache_HTTP_server, affected_product PHP, attack_target Web_Server, deployment Datacenter, signature_severity Critical, created_at 2016_09_15, updated_at 2016_09_15;)

Added 2017-08-07 21:18:19 UTC


# sid:2023229 rev:1 as first published - no metadata block, classtype
# misc-activity.
# Fires on a UDP packet from $HTTP_SERVERS to destination port 53 whose bytes
# 2-11 are 01 00 00 01 00 00 00 00 00 00 (standard recursion-desired query with
# a single question and no other records) and which then contains the
# length-prefixed name |08|e5b57288|03|com|00| (nocase).
# fast_pattern is set on the domain bytes, the most selective content in the
# rule.
# Scope: the rule only applies to hosts listed in $HTTP_SERVERS. Confirm that
# the variable actually enumerates the web servers meant to be monitored.
alert udp $HTTP_SERVERS any -> any 53 (msg:"ET WEB_SERVER DNS Query for Suspicious e5b57288.com Domain - Anuna Checkin - Compromised PHP Site"; content:"|01 00 00 01 00 00 00 00 00 00|"; depth:10; offset:2; content:"|08|e5b57288|03|com|00|"; fast_pattern; distance:0; nocase; reference:url,www.symantec.com/security_response/writeup.jsp?docid=2015-111911-4342-99&tabid=2; reference:url,security.stackexchange.com/questions/47253/hacked-site-encrypted-code; classtype:misc-activity; sid:2023229; rev:1;)

Added 2016-09-15 16:54:56 UTC

