Rule History

alert dns $HOME_NET any -> any any (msg:"ET MALWARE Ave Maria RAT CnC Domain in DNS Lookup (uknwn.linkpc .net)"; dns.query; content:"uknwn.linkpc.net"; nocase; bsize:16; reference:url,twitter.com/James_inthe_box/status/1293267162258272256?cn=ZmxleGlibGVfcmVjcw%3D%3D&refsrc=email; reference:url,app.any.run/tasks/49ba0acb-fd7a-47ec-9998-cacc6eb875d5/; classtype:command-and-control; sid:2030679; rev:2; metadata:attack_target Client_Endpoint, created_at 2020_08_12, deployment Perimeter, performance_impact Low, confidence High, signature_severity Major, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2020_11_17;)