ET MALWARE Win32/FunnyDream Backdoor Related Domain in DNS Lookup (www .aexhausts .com)

SID: 2034735Rev: 10 views
History
Sourceet/open
CreatedDecember 15, 2021
UpdatedDecember 15, 2021
Classificationdomain-c2
alert dns $HOME_NET any -> any any (msg:"ET MALWARE Win32/FunnyDream Backdoor Related Domain in DNS Lookup (www .aexhausts .com)"; dns.query; content:"www.aexhausts.com"; nocase; bsize:17; reference:md5,23d4cfceb70d19cf5dc15ea0e8ea1acd; reference:md5,1f3a2e8058411cc04f474a68501b3045; reference:md5,fa80669685cf12de62b4e3156b997553; reference:url,go.recordedfuture.com/hubfs/reports/cta-2021-1208.pdf; classtype:domain-c2; sid:2034735; rev:1; metadata:attack_target Client_Endpoint, created_at 2021_12_15, deployment Perimeter, malware_family TAG_16, confidence High, signature_severity Major, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2021_12_15;)

References

md5
23d4cfceb70d19cf5dc15ea0e8ea1acd
Google SearchBrave Search
md5
1f3a2e8058411cc04f474a68501b3045
Google SearchBrave Search
md5
fa80669685cf12de62b4e3156b997553
Google SearchBrave Search
urlgo.recordedfuture.com/hubfs/reports/cta-2021-1208.pdf

Metadata

attack targetClient_Endpoint
created at2021_12_15
deploymentPerimeter
malware familyTAG_16
confidenceHigh
signature severityMajor
tagDescription_Generated_By_Proofpoint_Nexus
updated at2021_12_15

Comments (0)

Please sign in to leave a comment.
Sign in

No comments yet. Be the first to comment!