ET MALWARE Linux/Onimiki DNS trojan activity long format (Inbound)

SID: 2018276Rev: 60 viewsHistory

Sourceet/open

CreatedMarch 14, 2014

UpdatedJuly 26, 2019

Classificationtrojan-activity

alert udp $EXTERNAL_NET any -> $HOME_NET 53 (msg:"ET MALWARE Linux/Onimiki DNS trojan activity long format (Inbound)"; byte_test:1,!&,128,2; content:"|00 01 00 00 00 00 00 00 38|"; offset:4; depth:9; pcre:"/^[a-z0-9]{23}[a-f0-9]{33}.[a-z0-9\-_]+.[a-z0-9\-_]+\x00\x00\x01\x00\x01/Rsi"; reference:url,www.welivesecurity.com/wp-content/uploads/2014/03/operation_windigo.pdf; reference:url,github.com/eset/malware-ioc; classtype:trojan-activity; sid:2018276; rev:6; metadata:created_at 2014_03_14, confidence Medium, signature_severity Major, updated_at 2019_07_26;)

References

url	www.welivesecurity.com/wp-content/uploads/2014/03/operation_windigo.pdf
url	github.com/eset/malware-ioc

Metadata

created at2014_03_14

confidenceMedium

signature severityMajor

updated at2019_07_26

Comments (0)

Please sign in to leave a comment.

No comments yet. Be the first to comment!