Rule History

SID: 3316460 • Source: pawpatrules

Version Details (Current)

Rev: 5 • Mar 4, 2022, 12:00 PM

🐾 - ☠ DNS query to domain seen in 🔒 Conti Ransomware Leak

alert dns any any -> any any (msg:"🐾 - ☠ DNS query to domain seen in 🔒 Conti Ransomware Leak"; flow:to_server, stateless; dns_query; content:"site."; nocase; startswith; content:".com"; nocase; endswith; content:!"site.fortinet.com"; nocase; endswith; content:!"site.google.com"; nocase; endswith; reference:url,https://github.com/TheParmak/conti-leaks-englished/blob/master/docs/translated/bot/cs2%20proto%20en-US.rtf; reference:url,https://malpedia.caad.fkie.fraunhofer.de/details/win.conti; reference:url,https://malpedia.caad.fkie.fraunhofer.de/actor/unc1878; metadata:created_at 2022_03_04, updated_at 2025_09_16; sid:3316460; rev:5; classtype:trojan-activity;)

Mar 4, 2022, 12:00 PM

Sep 16, 2025, 12:00 PM

May 1, 2024, 10:00 PM

Sep 16, 2025, 8:34 PM

rules/PAW-PATRULES_UNC1878_FQDN.rules