08e8d462fe
RED PILL 🔴 💊
12 lines
No EOL
382 B
Text
12 lines
No EOL
382 B
Text
rule Careto_CnC_domains {
|
|
meta:
|
|
author = "AlienVault (Alberto Ortega)"
|
|
description = "TheMask / Careto known command and control domains"
|
|
reference = "www.securelist.com/en/downloads/vlpdfs/unveilingthemask_v1.0.pdf"
|
|
strings:
|
|
$1 = "linkconf.net" ascii wide nocase
|
|
$2 = "redirserver.net" ascii wide nocase
|
|
$3 = "swupdt.com" ascii wide nocase
|
|
condition:
|
|
any of them
|
|
} |