🐾 - 👁 Suspicious DNS Request 🌐 -fr.org > Possible 🏴‍☠️ FIN7 🇷🇺 Group

SID: 3309686Rev: 1112 views
History
Sourcepawpatrules
CreatedOctober 26, 2021
UpdatedJuly 19, 2025
Classificationtrojan-activity
alert dns any any -> any any (msg:"🐾 - 👁 Suspicious DNS Request 🌐 -fr.org > Possible 🏴‍☠️ FIN7 🇷🇺 Group"; flow:to_server, stateless; dns_query; content:"-fr.org"; fast_pattern; nocase; content:!"mmt-fr.org"; nocase; content:!"ubuntu-fr.org"; nocase; content:!"fedora-fr.org"; nocase; content:!"pharmacol-fr.org"; nocase; content:!"sfpt-fr.org"; nocase; content:!"debian-fr.org"; nocase; reference:url,https://securelist.com/fin7-5-the-infamous-cybercrime-rig-fin7-continues-its-activities/90703/; reference:url,https://malpedia.caad.fkie.fraunhofer.de/actor/fin7; metadata:created_at 2021_10_26, updated_at 2025_07_19; sid:3309686; rev:11; classtype:trojan-activity;)

References

urlhttps://securelist.com/fin7-5-the-infamous-cybercrime-rig-fin7-continues-its-activities/90703/
urlhttps://malpedia.caad.fkie.fraunhofer.de/actor/fin7

Metadata

created at2021_10_26
updated at2025_07_19

Comments (0)

Please sign in to leave a comment.
Sign in

No comments yet. Be the first to comment!