Rule History

alert dns $HOME_NET any -> any any (msg:"ET MALWARE Cobalt Strike Related Domain in DNS Lookup (telecomly .info)"; dns.query; dotprefix; content:".telecomly.info"; nocase; endswith; reference:md5,2daf4f1dbdc4a3d9726f9b447225113a; reference:url,blog.reversinglabs.com/blog/threat-analysis-follina-exploit-powers-live-off-the-land-attacks; classtype:domain-c2; sid:2038651; rev:1; metadata:attack_target Client_Endpoint, created_at 2022_08_29, deployment Perimeter, malware_family Cobalt_Strike, confidence High, signature_severity Major, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2022_08_29;)