Rule History

SID: 2063021 • Source: et/open

Versions (2)

Version DetailsCurrent

Rev: 1 • Jun 16, 2025, 12:00 PM

Message:

ET MALWARE Observed Subdomain Hijacker Domain to AI Slop in DNS Lookup (pgpump .github .io)

Rule:

alert dns $HOME_NET any -> any any (msg:"ET MALWARE Observed Subdomain Hijacker Domain to AI Slop in DNS Lookup (pgpump .github .io)"; dns.query; dotprefix; content:".pgpump.github.io"; nocase; endswith; reference:url,www.yahoo.com/news/entertainment/articles/smith-turned-down-christopher-nolan-011030992.html; reference:url,404media.co/spam-blogs-ai-slop-domains-wowlazy/; reference:url,urlscan.io/result/01977723-c01e-714e-9418-d8a87b7eabaa/; classtype:bad-unknown; sid:2063021; rev:1; metadata:attack_target Client_Endpoint, created_at 2025_06_16, deployment Perimeter, performance_impact Low, confidence High, signature_severity Minor, updated_at 2025_06_16, mitre_tactic_id TA0011, mitre_tactic_name Command_And_Control, mitre_technique_id T1071, mitre_technique_name Application_Layer_Protocol_DNS;)

Created:

Jun 16, 2025, 12:00 PM

Updated:

Jun 16, 2025, 12:00 PM

DB Created:

Jun 16, 2025, 10:35 PM

DB Updated:

Jun 17, 2025, 9:34 PM

Filename:

rules/emerging-malware.rules