Rule History

alert dns $HOME_NET any -> any any (msg:"ET MALWARE Win32/Warzone RAT Variant CnC Domain in DNS Lookup (dost .igov-service .net)"; dns.query; content:"dost.igov-service.net"; fast_pattern; nocase; bsize:21; reference:url,decoded.avast.io/threatintel/avast-finds-compromised-philippine-navy-certificate-used-in-remote-access-tool/; reference:md5,49e8853801554d9de4dd281828094c8a; classtype:domain-c2; sid:2035646; rev:2; metadata:attack_target Client_Endpoint, created_at 2022_03_29, deployment Perimeter, malware_family Win32_Warzone, confidence High, signature_severity Major, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2022_03_29;)