Skip to content
Permalink
Branch: master
Find file Copy path
Find file Copy path
Fetching contributors…
Cannot retrieve contributors at this time
6 lines (3 sloc) 1.01 KB
alert udp $HOME_NET any -> any 53 (msg:"AV TROJAN Careto Mask DNS Lookup (itunes212.appleupdt.com)"; content:"|01 00 00 01 00 00 00 00 00 00|"; depth:10; offset:2; content:"|09|itunes212|09|appleupdt|03|com|00|"; nocase; distance:0; fast_pattern; reference:md5,1342ac151eea7a03d51660bb5db018d9; classtype:trojan-activity; sid:9000004; rev:1;)
alert udp $HOME_NET any -> any 53 (msg:"AV TROJAN Careto Mask DNS Lookup (itunes214.appleupdt.com)"; content:"|01 00 00 01 00 00 00 00 00 00|"; depth:10; offset:2; content:"|09|itunes214|09|appleupdt|03|com|00|"; nocase; distance:0; fast_pattern; reference:md5,1342ac151eea7a03d51660bb5db018d9; classtype:trojan-activity; sid:9000005; rev:1;)
alert udp $HOME_NET any -> any 53 (msg:"AV TROJAN Careto Mask DNS Lookup (itunes311.appleupdt.com)"; content:"|01 00 00 01 00 00 00 00 00 00|"; depth:10; offset:2; content:"|09|itunes311|09|appleupdt|03|com|00|"; nocase; distance:0; fast_pattern; reference:md5,1342ac151eea7a03d51660bb5db018d9; classtype:trojan-activity; sid:9000006; rev:1;)
You can’t perform that action at this time.