Rule History

SID: 2027367 • Source: et/open

Versions (2)

Version DetailsCurrent

Rev: 5 • May 19, 2019, 12:00 PM

Message:

ET DELETED Query for Suspicious shell .now .sh Domain

Rule:

alert dns $HOME_NET any -> any any (msg:"ET DELETED Query for Suspicious shell .now .sh Domain"; dns.query; content:"shell.now.sh"; nocase; endswith; reference:url,web.archive.org/web/20210411091242/https://www.lacework.com/blog-attacks-exploiting-confluence/; classtype:misc-attack; sid:2027367; rev:5; metadata:affected_product Linux, attack_target Client_Endpoint, created_at 2019_05_19, deployment Perimeter, deprecation_reason Relevance, performance_impact Low, signature_severity Minor, updated_at 2023_04_28;)

Created:

May 19, 2019, 12:00 PM

Updated:

Apr 28, 2023, 12:00 PM

DB Created:

May 19, 2019, 12:00 PM

DB Updated:

May 31, 2024, 9:00 PM

Filename:

rules/emerging-deleted.rules