Versions (5)
Version Details (Current)
Rev: 4 • Apr 16, 2018, 12:00 PM
ET HUNTING Possible EXE Download From Suspicious TLD (.yokohama) - set
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET HUNTING Possible EXE Download From Suspicious TLD (.yokohama) - set"; flow:established,to_server; flowbits:set,ET.SuspExeTLDs; flowbits:noalert; http.host; content:".yokohama"; endswith; reference:url,www.spamhaus.org/statistics/tlds/; classtype:misc-activity; sid:2025498; rev:4; metadata:created_at 2018_04_16, confidence Medium, signature_severity Informational, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2020_10_10;)
Apr 16, 2018, 12:00 PM
Oct 10, 2020, 12:00 PM
Sep 21, 2024, 3:00 AM
Sep 29, 2025, 9:34 PM
rules/emerging-hunting.rules