Versions (3)
Version DetailsCurrent
Rev: 8 • Apr 8, 2011, 12:00 PMET MALWARE HTTP Request to a Malware Related Numerical .cn Domain
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MALWARE HTTP Request to a Malware Related Numerical .cn Domain"; flow:established,to_server; http.host; content:".cn"; endswith; fast_pattern; pcre:"/[^a-z]*[0-9]{4,30}\x2Ecn$/i"; classtype:misc-activity; sid:2012650; rev:8; metadata:created_at 2011_04_08, signature_severity Major, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2024_02_22;)Apr 8, 2011, 12:00 PM
Feb 22, 2024, 12:00 PM
Sep 21, 2024, 3:00 AM
Nov 20, 2025, 12:34 AM
rules/emerging-malware.rules