ET MALWARE Observed Malicious DNS Query (BazarLoader/Team9 Backdoor CnC Domain)

SID: 2030267Rev: 10 viewsHistory

Sourceet/open

CreatedJune 9, 2020

UpdatedJune 9, 2020

Classificationdomain-c2

alert dns $HOME_NET any -> any any (msg:"ET MALWARE Observed Malicious DNS Query (BazarLoader/Team9 Backdoor CnC Domain)"; dns.query; content:"workrepair.bazar"; nocase; bsize:16; reference:url,blog.fox-it.com/2020/06/02/in-depth-analysis-of-the-new-team9-malware-family; classtype:domain-c2; sid:2030267; rev:1; metadata:affected_product Windows_XP_Vista_7_8_10_Server_32_64_Bit, attack_target Client_Endpoint, created_at 2020_06_09, deployment Perimeter, confidence High, signature_severity Major, updated_at 2020_06_09;)

References

url	blog.fox-it.com/2020/06/02/in-depth-analysis-of-the-new-team9-malware-family

Metadata

affected productWindows_XP_Vista_7_8_10_Server_32_64_Bit

attack targetClient_Endpoint

created at2020_06_09

deploymentPerimeter

confidenceHigh

signature severityMajor

updated at2020_06_09

Comments (0)

Please sign in to leave a comment.

No comments yet. Be the first to comment!