ET DELETED Query for Suspicious shell .now .sh Domain
Source: et/open
Created: May 19, 2019
Updated: April 28, 2023
Classification: misc-attack
alert dns $HOME_NET any -> any any (msg:"ET DELETED Query for Suspicious shell .now .sh Domain"; dns.query; content:"shell.now.sh"; nocase; endswith; reference:url,web.archive.org/web/20210411091242/https://www.lacework.com/blog-attacks-exploiting-confluence/; classtype:misc-attack; sid:2027367; rev:5; metadata:affected_product Linux, attack_target Client_Endpoint, created_at 2019_05_19, deployment Perimeter, deprecation_reason Relevance, performance_impact Low, signature_severity Minor, updated_at 2023_04_28;)
References
Metadata
affected product: Linux
attack target: Client_Endpoint
created at: 2019_05_19
deployment: Perimeter
deprecation reason: Relevance
performance impact: Low
signature severity: Minor
updated at: 2023_04_28