Versions (4)
Version DetailsCurrent
Rev: 3 • Apr 5, 2018, 12:00 PMET MALWARE OSX/OceanLotus.D CnC DNS Lookup (s3 .hiahornber .com)
alert dns $HOME_NET any -> any any (msg:"ET MALWARE OSX/OceanLotus.D CnC DNS Lookup (s3 .hiahornber .com)"; dns.query; content:"s3.hiahornber.com"; nocase; endswith; reference:url,blog.trendmicro.com/trendlabs-security-intelligence/new-macos-backdoor-linked-to-oceanlotus-found/; classtype:command-and-control; sid:2025467; rev:3; metadata:affected_product Mac_OSX, attack_target Client_Endpoint, created_at 2018_04_05, deployment Perimeter, malware_family OceanLotus, performance_impact Low, confidence Medium, signature_severity Major, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2020_09_16;)
Apr 5, 2018, 12:00 PM
Sep 16, 2020, 12:00 PM
Sep 21, 2024, 3:00 AM
Sep 29, 2025, 9:34 PM
rules/emerging-malware.rules