Versions (3)
Version DetailsCurrent
Rev: 1 • Oct 21, 2024, 12:00 PMET MALWARE ClickFix Domain in DNS Lookup (gertioma .top)
alert dns $HOME_NET any -> any any (msg:"ET MALWARE ClickFix Domain in DNS Lookup (gertioma .top)"; dns.query; dotprefix; content:".gertioma.top"; nocase; endswith; reference:url,app.any.run/tasks/f132828d-adb0-4deb-9865-194a11ea5f59; reference:url,proofpoint.com/us/blog/threat-insight/clipboard-compromise-powershell-self-pwn; classtype:trojan-activity; sid:2056737; rev:1; metadata:attack_target Client_Endpoint, created_at 2024_10_21, deployment Perimeter, malware_family ClickFix, confidence High, signature_severity Major, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2024_10_21, reviewed_at 2025_05_14;)
Oct 21, 2024, 12:00 PM
Oct 21, 2024, 12:00 PM
Dec 3, 2024, 4:00 PM
Jul 18, 2025, 10:34 PM
rules/emerging-malware.rules