Rule History

alert dns $HOME_NET any -> any any (msg:"ET MALWARE Bitter APT Related Domain in DNS Lookup (emshedulersvc .com)"; dns.query; content:"emshedulersvc.com"; nocase; bsize:17; reference:md5,6e4b4eb701f3410ebfb5925db32b25dc; reference:url,twitter.com/k3yp0d/status/1527656133837594624; reference:url,www.secuinfra.com/en/techtalk/whatever-floats-your-boat-bitter-apt-continues-to-target-bangladesh; classtype:domain-c2; sid:2036642; rev:1; metadata:attack_target Client_Endpoint, created_at 2022_05_20, deployment Perimeter, malware_family Bitter, confidence High, signature_severity Major, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2022_11_21;)