ET WEB_SERVER DNS Query for Suspicious e5b57288.com Domain - Anuna Checkin - Compromised PHP Site

SID: 2023229Rev: 60 views
History
Sourceet/open
CreatedSeptember 15, 2016
UpdatedSeptember 17, 2020
Classificationtrojan-activity
alert dns $HTTP_SERVERS any -> any any (msg:"ET WEB_SERVER DNS Query for Suspicious e5b57288.com Domain - Anuna Checkin - Compromised PHP Site"; dns.query; content:"e5b57288.com"; depth:12; fast_pattern; endswith; nocase; reference:url,www.symantec.com/security_response/writeup.jsp?docid=2015-111911-4342-99&tabid=2; reference:url,security.stackexchange.com/questions/47253/hacked-site-encrypted-code; classtype:trojan-activity; sid:2023229; rev:6; metadata:affected_product Apache_HTTP_server, affected_product PHP, attack_target Web_Server, created_at 2016_09_15, deployment Datacenter, confidence Medium, signature_severity Critical, updated_at 2020_09_17;)

References

urlwww.symantec.com/security_response/writeup.jsp?docid=2015-111911-4342-99&tabid=2
urlsecurity.stackexchange.com/questions/47253/hacked-site-encrypted-code

Metadata

affected productPHP
attack targetWeb_Server
created at2016_09_15
deploymentDatacenter
confidenceMedium
signature severityCritical
updated at2020_09_17

Comments (0)

Please sign in to leave a comment.
Sign in

No comments yet. Be the first to comment!