Rule History

alert dns $HOME_NET any -> any any (msg:"ET MALWARE Cobalt Strike Related Domain in DNS Lookup (pedaily .online)"; dns.query; content:"pedaily.online"; nocase; bsize:14; reference:url,www.fortinet.com/blog/threat-research/ukrainian-excel-file-delivers-multi-stage-cobalt-strike-loader; classtype:domain-c2; sid:2039527; rev:2; metadata:affected_product Windows_XP_Vista_7_8_10_Server_32_64_Bit, attack_target Client_Endpoint, created_at 2022_10_24, deployment Perimeter, malware_family Cobalt_Strike, performance_impact Low, confidence High, signature_severity Major, updated_at 2024_09_19, reviewed_at 2024_09_19;)