Rule History

alert dns $HOME_NET any -> any any (msg:"ET MALWARE OceanLotus APT Related Domain in DNS Lookup (confusion-cerulean-samba .glitch .me)"; dns.query; content:"confusion-cerulean-samba.glitch.me"; nocase; bsize:34; reference:md5,92f5f40db8df7cbb1c7c332087619afa; reference:url,twitter.com/ShadowChasing1/status/1483011032612499460; classtype:domain-c2; sid:2034934; rev:1; metadata:attack_target Client_Endpoint, created_at 2022_01_18, deployment Perimeter, malware_family APT32, malware_family OceanLotus, confidence High, signature_severity Major, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2022_01_18;)