Rule History

alert dns $HOME_NET any -> any any (msg:"ET MALWARE Observed DNS Query to BlackByte Ransomware Domain (myvisit .alteksecurity .org)"; dns.query; dotprefix; content:".myvisit.alteksecurity.org"; nocase; endswith; reference:url,www.microsoft.com/en-us/security/blog/2023/07/06/the-five-day-job-a-blackbyte-ransomware-intrusion-case-study/; reference:md5,a114d698b40fb3b13c190f74d850e41d; classtype:trojan-activity; sid:2062138; rev:1; metadata:attack_target Client_Endpoint, created_at 2025_05_06, deployment Perimeter, malware_family BlackByte, confidence High, signature_severity Major, tag Ransomware, tag AI_Generated_Description, updated_at 2025_05_06;)