ET MALWARE Observed Donot Group Relaed Domain (mayosasa .buzz in TLS SNI)

SID: 2044199Rev: 26 views
History
Sourceet/open
CreatedFebruary 14, 2023
UpdatedMay 31, 2023
Classificationdomain-c2
alert tls $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MALWARE Observed Donot Group Relaed Domain (mayosasa .buzz in TLS SNI)"; flow:established,to_server; tls.sni; content:"mayosasa.buzz"; bsize:13; fast_pattern; reference:url,twitter.com/jaydinbas/status/1625133287361355776; reference:md5,2abc60fa1e042612e723360ccd8220c6; classtype:domain-c2; sid:2044199; rev:2; metadata:attack_target Client_Endpoint, created_at 2023_02_14, deployment Perimeter, malware_family DonotGroup, confidence High, signature_severity Major, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2023_05_31, mitre_tactic_id TA0011, mitre_tactic_name Command_And_Control, mitre_technique_id T1071, mitre_technique_name Application_Layer_Protocol; target:src_ip;)

References

urltwitter.com/jaydinbas/status/1625133287361355776
md5
2abc60fa1e042612e723360ccd8220c6
Google SearchBrave Search

Metadata

attack targetClient_Endpoint
created at2023_02_14
deploymentPerimeter
malware familyDonotGroup
confidenceHigh
signature severityMajor
tagDescription_Generated_By_Proofpoint_Nexus
updated at2023_05_31
mitre tactic idTA0011
mitre tactic nameCommand_And_Control
mitre technique idT1071
mitre technique nameApplication_Layer_Protocol

Comments (0)

Please sign in to leave a comment.
Sign in

No comments yet. Be the first to comment!