Versions (2)
Version DetailsCurrent
Rev: 2 • Mar 25, 2024, 12:00 PMET MALWARE Python Typo Squatting Domain in DNS Lookup (files .pypihosted .org)
alert dns $HOME_NET any -> any any (msg:"ET MALWARE Python Typo Squatting Domain in DNS Lookup (files .pypihosted .org)"; dns.query; bsize:20; content:"files.pypihosted.org"; nocase; reference:url,checkmarx.com/blog/over-170k-users-affected-by-attack-using-fake-python-infrastructure/; reference:md5,fdb9474dbfcfc86b7f8145ef79a226b6; classtype:trojan-activity; sid:2051783; rev:2; metadata:affected_product Any, attack_target Client_and_Server, created_at 2024_03_25, deployment Perimeter, performance_impact Low, confidence High, signature_severity Major, updated_at 2024_10_03, reviewed_at 2024_10_03;)
Mar 25, 2024, 12:00 PM
Oct 3, 2024, 12:00 PM
Sep 21, 2024, 3:00 AM
May 30, 2025, 12:04 AM
rules/emerging-malware.rules