ET MALWARE Win32/Warzone RAT Variant CnC Domain in DNS Lookup (dost .igov-service .net)

SID: 2035646Rev: 20 views
History
Sourceet/open
CreatedMarch 29, 2022
UpdatedMarch 29, 2022
Classificationdomain-c2
alert dns $HOME_NET any -> any any (msg:"ET MALWARE Win32/Warzone RAT Variant CnC Domain in DNS Lookup (dost .igov-service .net)"; dns.query; content:"dost.igov-service.net"; fast_pattern; nocase; bsize:21; reference:url,decoded.avast.io/threatintel/avast-finds-compromised-philippine-navy-certificate-used-in-remote-access-tool/; reference:md5,49e8853801554d9de4dd281828094c8a; classtype:domain-c2; sid:2035646; rev:2; metadata:attack_target Client_Endpoint, created_at 2022_03_29, deployment Perimeter, malware_family Win32_Warzone, confidence High, signature_severity Major, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2022_03_29;)

References

urldecoded.avast.io/threatintel/avast-finds-compromised-philippine-navy-certificate-used-in-remote-access-tool/
md5
49e8853801554d9de4dd281828094c8a
Google SearchBrave Search

Metadata

attack targetClient_Endpoint
created at2022_03_29
deploymentPerimeter
malware familyWin32_Warzone
confidenceHigh
signature severityMajor
tagDescription_Generated_By_Proofpoint_Nexus
updated at2022_03_29

Comments (0)

Please sign in to leave a comment.
Sign in

No comments yet. Be the first to comment!