ET MALWARE Possible Winnti-related Destination

SID: 2024864Rev: 40 views
History
Sourceet/open
CreatedOctober 18, 2017
UpdatedMarch 1, 2024
Classificationtrojan-activity
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MALWARE Possible Winnti-related Destination"; flow:established,to_server; http.host; content:"dnslog.mobi"; fast_pattern; reference:url,401trg.pw/an-update-on-winnti/; classtype:trojan-activity; sid:2024864; rev:4; metadata:created_at 2017_10_18, confidence Medium, signature_severity Major, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2024_03_01;)

References

url401trg.pw/an-update-on-winnti/

Metadata

created at2017_10_18
confidenceMedium
signature severityMajor
tagDescription_Generated_By_Proofpoint_Nexus
updated at2024_03_01

Comments (0)

Please sign in to leave a comment.
Sign in

No comments yet. Be the first to comment!