Rule History

alert dns $HOME_NET any -> any any (msg:"ET MALWARE Poseidon Stealer Related Domain in DNS Lookup (agov-ch .com)"; dns.query; bsize:11; content:"agov-ch.com"; nocase; reference:url,github.com/govcert-ch/CTI/tree/main/20240627_macOS_PoseidonStealer; classtype:trojan-activity; sid:2054203; rev:2; metadata:affected_product Mac_OSX, attack_target Client_Endpoint, created_at 2024_07_01, deployment Perimeter, malware_family Poseidon_Stealer, performance_impact Low, confidence High, signature_severity Major, updated_at 2024_10_04, reviewed_at 2024_10_04;)