Rule History

alert dns $HOME_NET any -> any any (msg:"ET MALWARE Possible Upatre DNS Query (jamco .com .pk)"; dns.query; content:"jamco.com.pk"; fast_pattern; nocase; bsize:12; reference:md5,407cce4873bc8af9077dbb21a8762f37; classtype:bad-unknown; sid:2020846; rev:2; metadata:affected_product Windows_XP_Vista_7_8_10_Server_32_64_Bit, created_at 2015_04_07, malware_family Upatre, confidence Medium, signature_severity Critical, tag Exploit_Kit, tag Downloader, tag Upatre, updated_at 2022_07_15;)