Versions (4)
Version Details: Current
Rev: 6 • Dec 30, 2012, 12:00 PM
ET MALWARE CFR DRIVEBY CVE-2012-4792 DNS Query for C2 domain
alert dns $HOME_NET any -> any any (msg:"ET MALWARE CFR DRIVEBY CVE-2012-4792 DNS Query for C2 domain"; dns.query; content:"provide.yourtrap.com"; depth:20; fast_pattern; nocase; endswith; reference:cve,2012-4792; reference:url,github.com/rapid7/metasploit-framework/commit/6cb9106218bde56fc5e8d72c66fbba9f11c24449; reference:url,eromang.zataz.com/2012/12/29/attack-and-ie-0day-informations-used-against-council-on-foreign-relations/; classtype:command-and-control; sid:2016135; rev:6; metadata:affected_product Any, attack_target Client_Endpoint, created_at 2012_12_30, cve CVE_2012_4792, deployment Perimeter, confidence Medium, signature_severity Major, tag DriveBy, tag CISA_KEV, updated_at 2020_09_17;)
Dec 30, 2012, 12:00 PM
Sep 17, 2020, 12:00 PM
Sep 21, 2024, 3:00 AM
May 30, 2025, 12:04 AM
rules/emerging-malware.rules