Versions (4)
Version DetailsCurrent
Rev: 3 • Feb 25, 2020, 12:00 PMET MALWARE Observed Adwind RAT CnC DNS Query
alert dns $HOME_NET any -> any any (msg:"ET MALWARE Observed Adwind RAT CnC DNS Query"; dns.query; content:"15438.xyz"; nocase; endswith; pcre:"/(?:^|\.)15438\.xyz$/"; reference:url,research.checkpoint.com/2020/the-turkish-rat-distributes-evolved-adwind-in-a-massive-ongoing-phishing-campaign/; classtype:domain-c2; sid:2029534; rev:3; metadata:attack_target Client_Endpoint, created_at 2020_02_25, deployment Perimeter, performance_impact Low, confidence High, signature_severity Major, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2020_11_02;)
Feb 25, 2020, 12:00 PM
Nov 2, 2020, 12:00 PM
Sep 21, 2024, 3:00 AM
Sep 19, 2025, 10:35 PM
rules/emerging-malware.rules