Versions (4)
Version DetailsCurrent
Rev: 1 • Feb 15, 2022, 12:00 PMET MALWARE DangerousPassword APT Related Domain in DNS Lookup (doc .filesaves .cloud)
alert dns $HOME_NET any -> any any (msg:"ET MALWARE DangerousPassword APT Related Domain in DNS Lookup (doc .filesaves .cloud)"; dns.query; content:"doc.filesaves.cloud"; nocase; bsize:19; reference:md5,85fe6affdb218b2d09a59e08e80eb1fa; reference:md5,de097c5ab5e31ac16b4466cd56e9bd2d; reference:url,twitter.com/h2jazi/status/1493598324053712915; classtype:domain-c2; sid:2035201; rev:1; metadata:attack_target Client_Endpoint, created_at 2022_02_15, deployment Perimeter, malware_family DangerousPassword, confidence High, signature_severity Major, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2022_02_15;)
Feb 15, 2022, 12:00 PM
Feb 15, 2022, 12:00 PM
Sep 21, 2024, 3:00 AM
Sep 5, 2025, 9:34 PM
rules/emerging-malware.rules