ET ATTACK_RESPONSE Windows LMHosts File Download - Likely DNSChanger Infection - Suricata Rule 2008559 (et/open)

ET ATTACK_RESPONSE Windows LMHosts File Download - Likely DNSChanger Infection

SID: 2008559Rev: 80 viewsHistory

Sourceet/open

CreatedJuly 30, 2010

UpdatedSeptember 27, 2019

Classificationtrojan-activity

alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET ATTACK_RESPONSE Windows LMHosts File Download - Likely DNSChanger Infection"; flow:established,to_client; content:"#|0d 0a|#|20|This|20|is|20|a|20|sample|20|HOSTS|20|file|20|used|20|by|20|Microsoft|20|TCP/IP|20|for|20|Windows.|0d 0a|#|0d 0a|#|20|This|20|file|20|contains|20|the|20|mappings|20|of|20|IP|20|addresses|20|to|20|host|20|names."; classtype:trojan-activity; sid:2008559; rev:8; metadata:created_at 2010_07_30, confidence Medium, signature_severity Unknown, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2019_09_27;)

Metadata

created at2010_07_30

confidenceMedium

signature severityUnknown

tagDescription_Generated_By_Proofpoint_Nexus

updated at2019_09_27

Comments (0)

Please sign in to leave a comment.

No comments yet. Be the first to comment!