# Most recent entry for sid 2024868 (rev:3). The leading '#' leaves the rule
# commented out, so an engine loading this line will not evaluate it; the msg
# carries the "ET DELETED" prefix and metadata records former_category TROJAN.
# Apart from the rev number, this line is identical to the rev:2 entry listed next
# on this page. The page does not state why the rule was retired.
# NOTE(review): if this lookup still matters for retrospective hunting, search
# resolver / passive-DNS logs for the domain rather than re-enabling a retired rule.
#alert udp $HOME_NET any -> any 53 (msg:"ET DELETED Possible Winnti-related DNS Lookup"; content:"|01 00 00 01 00 00 00 00 00 00|"; depth:10; offset:2; content:"|0f|securitytactics|03|com|00|"; nocase; distance:0; fast_pattern; reference:url,401trg.pw/an-update-on-winnti/; classtype:trojan-activity; sid:2024868; rev:2; metadata:created_at 2017_10_18, former_category TROJAN, updated_at 2018_05_23;)

Added 2022-05-19 19:06:44 UTC


#alert udp $HOME_NET any -> any 53 (msg:"ET DELETED Possible Winnti-related DNS Lookup"; content:"|01 00 00 01 00 00 00 00 00 00|"; depth:10; offset:2; content:"|0f|securitytactics|03|com|00|"; nocase; distance:0; fast_pattern; reference:url,401trg.pw/an-update-on-winnti/; classtype:trojan-activity; sid:2024868; rev:2; metadata:created_at 2017_10_18, former_category TROJAN, updated_at 2018_05_23;)

Added 2020-08-05 19:14:02 UTC


#alert udp $HOME_NET any -> any 53 (msg:"ET DELETED Possible Winnti-related DNS Lookup"; content:"|01 00 00 01 00 00 00 00 00 00|"; depth:10; offset:2; content:"|0f|securitytactics|03|com|00|"; nocase; distance:0; fast_pattern; metadata: former_category TROJAN; reference:url,401trg.pw/an-update-on-winnti/; classtype:trojan-activity; sid:2024868; rev:2; metadata:created_at 2017_10_18, updated_at 2018_05_23;)

Added 2018-09-13 19:54:14 UTC


Added 2018-09-13 18:01:51 UTC


# First entry on this page in which the rule appears disabled. Compared with the
# active 2017 entry: the rule is commented out, the msg prefix changes from
# "ET TROJAN" to "ET DELETED", a separate "metadata: former_category TROJAN" keyword
# is added, and updated_at becomes 2018_05_23. The match logic (both content
# keywords and their modifiers) is unchanged.
# NOTE(review): rev stays at 2 across this change, so tooling that detects rule
# updates by sid+rev alone may not notice the rule was retired - verify how your
# rule manager tracks state changes.
#alert udp $HOME_NET any -> any 53 (msg:"ET DELETED Possible Winnti-related DNS Lookup"; content:"|01 00 00 01 00 00 00 00 00 00|"; depth:10; offset:2; content:"|0f|securitytactics|03|com|00|"; nocase; distance:0; fast_pattern; metadata: former_category TROJAN; reference:url,401trg.pw/an-update-on-winnti/; classtype:trojan-activity; sid:2024868; rev:2; metadata:created_at 2017_10_18, updated_at 2018_05_23;)

Added 2018-05-23 18:34:57 UTC


# Alerts on DNS queries sent from $HOME_NET to UDP port 53 (any destination) for
# securitytactics.com.
#
# content 1 (offset:2, depth:10): payload bytes 2-11, i.e. the DNS header after the
#   2-byte transaction ID: flags 01 00 (standard query, recursion desired),
#   QDCOUNT=1, ANCOUNT=0, NSCOUNT=0, ARCOUNT=0.
# content 2 (distance:0, nocase, fast_pattern): the name in DNS wire format,
#   length-prefixed labels |0f|securitytactics and |03|com followed by the root
#   terminator |00|. The length byte pins "securitytactics" as a whole label, and
#   because no 'within' bounds the match, names with extra leading labels
#   (subdomains of the domain) match too.
#
# Coverage limits that follow from the literal header bytes:
#   - ARCOUNT must be 0, so a query carrying an additional record (for example an
#     EDNS0 OPT record) does not match.
#   - Flags must be exactly 01 00; queries with other flag bits set do not match.
#   - Only UDP to port 53 is inspected; DNS over TCP, DoT and DoH are not covered.
# A hit shows that a lookup was attempted, nothing more; correlate with resolver
# logs or endpoint telemetry to identify the originating host and process.
alert udp $HOME_NET any -> any 53 (msg:"ET TROJAN Possible Winnti-related DNS Lookup"; content:"|01 00 00 01 00 00 00 00 00 00|"; depth:10; offset:2; content:"|0f|securitytactics|03|com|00|"; nocase; distance:0; fast_pattern; reference:url,401trg.pw/an-update-on-winnti/; classtype:trojan-activity; sid:2024868; rev:2; metadata:created_at 2017_10_18, updated_at 2017_10_18;)

Added 2017-10-19 16:34:40 UTC

