ET MALWARE Transparent Tribe/CapraRAT CnC Domain in DNS LookupSource: et/open
alert dns $HOME_NET any -> any any (msg:"ET MALWARE Transparent Tribe/CapraRAT CnC Domain in DNS Lookup"; dns.query; bsize:15; content:"newsbizshow.net"; nocase; reference:url,www.sentinelone.com/labs/capratube-transparent-tribes-caprarat-mimics-youtube-to-hijack-android-phones; classtype:domain-c2; sid:2048108; rev:1; metadata:affected_product Android, attack_target Mobile_Client, created_at 2023_09_18, deployment Perimeter, malware_family CapraRAT, performance_impact Low, confidence High, signature_severity Major, updated_at 2023_09_18, reviewed_at 2023_09_18;)
Reference
URLhttp://www.sentinelone.com/labs/capratube-transparent-tribes-caprarat-mimics-youtube-to-hijack-android-phones
Metadata
affected_productAndroid
attack_targetMobile_Client
created_at2023_09_18
deploymentPerimeter
malware_familyCapraRAT
performance_impactLow
confidenceHigh
signature_severityMajor
updated_at2023_09_18
reviewed_at2023_09_18