Rule History

alert dns $HOME_NET any -> any any (msg:"ET PHISHING Fake Crypto Investing Domain in DNS Lookup (cryptowave .capital)"; dns.query; dotprefix; content:".cryptowave.capital"; nocase; endswith; reference:url,krebsonsecurity.com/2024/02/calendar-meeting-links-used-to-spread-mac-malware/; classtype:trojan-activity; sid:2051751; rev:1; metadata:attack_target Client_Endpoint, created_at 2024_03_20, deployment Perimeter, confidence High, signature_severity Major, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2024_03_20;)