Versions (3)
Version DetailsCurrent
Rev: 6 • Jul 27, 2012, 12:00 PMET MALWARE HTTP Request to RunForestRun DGA Domain 16-alpha.waw.pl
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MALWARE HTTP Request to RunForestRun DGA Domain 16-alpha.waw.pl"; flow:established,to_server; http.host; content:".waw.pl"; endswith; pcre:"/\.[abedgfihkmlonqpsruwvyxz]{16}\.waw\.pl$/"; reference:url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/; reference:url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/; classtype:bad-unknown; sid:2015530; rev:6; metadata:created_at 2012_07_27, signature_severity Major, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2024_02_23;)
Jul 27, 2012, 12:00 PM
Feb 23, 2024, 12:00 PM
Sep 21, 2024, 3:00 AM
Oct 13, 2025, 9:34 PM
rules/emerging-malware.rules