Versions (4)
Version DetailsCurrent
Rev: 1 • Dec 15, 2021, 12:00 PMET MALWARE Win32/FunnyDream Backdoor Related Domain in DNS Lookup (www .aexhausts .com)
alert dns $HOME_NET any -> any any (msg:"ET MALWARE Win32/FunnyDream Backdoor Related Domain in DNS Lookup (www .aexhausts .com)"; dns.query; content:"www.aexhausts.com"; nocase; bsize:17; reference:md5,23d4cfceb70d19cf5dc15ea0e8ea1acd; reference:md5,1f3a2e8058411cc04f474a68501b3045; reference:md5,fa80669685cf12de62b4e3156b997553; reference:url,go.recordedfuture.com/hubfs/reports/cta-2021-1208.pdf; classtype:domain-c2; sid:2034735; rev:1; metadata:attack_target Client_Endpoint, created_at 2021_12_15, deployment Perimeter, malware_family TAG_16, confidence High, signature_severity Major, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2021_12_15;)
Dec 15, 2021, 12:00 PM
Dec 15, 2021, 12:00 PM
Sep 21, 2024, 3:00 AM
Sep 8, 2025, 9:34 PM
rules/emerging-malware.rules