Rule History

alert dns $HOME_NET any -> any any (msg:"ET MALWARE Iron Tiger Gh0ST/PlugX/Various Backdoors DNS Lookup (gameofthrones.ddns.net)"; dns.query; content:"gameofthrones.ddns.net"; depth:22; nocase; endswith; fast_pattern; reference:url,trendmicro.com/cloud-content/us/pdfs/security-intelligence/white-papers/wp-operation-iron-tiger.pdf; classtype:trojan-activity; sid:2021792; rev:5; metadata:affected_product Windows_XP_Vista_7_8_10_Server_32_64_Bit, attack_target Client_Endpoint, created_at 2015_09_17, deployment Perimeter, malware_family Gh0st, malware_family PCRAT, confidence Medium, signature_severity Critical, tag PCRAT, tag Gh0st, tag RAT, updated_at 2020_09_17;)