ET MALWARE CFR DRIVEBY CVE-2012-4792 DNS Query for C2 domain
Source: et/open
Created: December 30, 2012
Updated: September 17, 2020
Classification: command-and-control
alert dns $HOME_NET any -> any any (msg:"ET MALWARE CFR DRIVEBY CVE-2012-4792 DNS Query for C2 domain"; dns.query; content:"provide.yourtrap.com"; depth:20; fast_pattern; nocase; endswith; reference:cve,2012-4792; reference:url,github.com/rapid7/metasploit-framework/commit/6cb9106218bde56fc5e8d72c66fbba9f11c24449; reference:url,eromang.zataz.com/2012/12/29/attack-and-ie-0day-informations-used-against-council-on-foreign-relations/; classtype:command-and-control; sid:2016135; rev:6; metadata:affected_product Any, attack_target Client_Endpoint, created_at 2012_12_30, cve CVE_2012_4792, deployment Perimeter, confidence Medium, signature_severity Major, tag DriveBy, tag CISA_KEV, updated_at 2020_09_17;)
References
Metadata
affected product: Any
attack target: Client_Endpoint
created at: 2012_12_30
deployment: Perimeter
confidence: Medium
signature severity: Major
tag: CISA_KEV
updated at: 2020_09_17