Rule History

alert dns $HOME_NET any -> any any (msg:"ET MALWARE ROMCOM RAT Campaign Domain (wveeam .com) in DNS Lookup"; dns.query; content:"wveeam.com"; nocase; bsize:10; reference:url,twitter.com/Unit42_Intel/status/1588199843981402114; reference:url,blogs.blackberry.com/en/2022/11/romcom-spoofing-solarwinds-keepass; classtype:trojan-activity; sid:2039739; rev:2; metadata:affected_product Windows_XP_Vista_7_8_10_Server_32_64_Bit, attack_target Client_and_Server, created_at 2022_11_04, deployment Perimeter, deprecation_reason Relevance, malware_family ROMCOM_RAT, performance_impact Low, confidence High, signature_severity Major, updated_at 2023_05_10;)