Rule History

SID: 2018141 • Source: et/open

Versions (6)

Version DetailsCurrent

Rev: 6 • Feb 15, 2014, 12:00 PM

Message:

ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz

Rule:

alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz"; flow:established,to_client; http.cookie; content:"snkz="; pcre:"/^\d{1,3}\x2E\d{1,3}\x2E\d{1,3}\x2E\d{1,3}/R"; threshold:type limit, count 1, seconds 300, track by_src; classtype:trojan-activity; sid:2018141; rev:6; metadata:created_at 2014_02_15, confidence High, signature_severity Informational, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2022_08_11, reviewed_at 2024_04_23;)

Created:

Feb 15, 2014, 12:00 PM

Updated:

Aug 11, 2022, 12:00 PM

DB Created:

Feb 15, 2014, 12:00 PM

DB Updated:

Mar 17, 2026, 9:34 PM

Filename:

rules/emerging-malware.rules