Versions (2)
Version DetailsCurrent
Rev: 2 • Feb 2, 2024, 12:00 PMET MALWARE RubySleet APT TrollAgent CnC Domain in DNS Lookup (ol .negapa .p-e .kr)
alert dns $HOME_NET any -> any any (msg:"ET MALWARE RubySleet APT TrollAgent CnC Domain in DNS Lookup (ol .negapa .p-e .kr)"; dns.query; bsize:16; content:"ol.negapa.p-e.kr"; nocase; reference:url,mp.weixin.qq.com/s?__biz=MzI2MDc2MDA4OA==&mid=2247509476&idx=1&sn=b0e09436095203b75710836d718d6699; classtype:domain-c2; sid:2050693; rev:2; metadata:affected_product Windows_XP_Vista_7_8_10_Server_32_64_Bit, attack_target Client_Endpoint, created_at 2024_02_02, deployment Perimeter, malware_family TrollAgent, performance_impact Low, confidence High, signature_severity Major, updated_at 2024_10_03, reviewed_at 2024_10_03;)
Feb 2, 2024, 12:00 PM
Oct 3, 2024, 12:00 PM
Sep 21, 2024, 3:00 AM
May 30, 2025, 12:04 AM
rules/emerging-malware.rules