🐾 - ☠ TA505 - DNS request 🌐 - def-update.com - 🎛 Get2 C2

SID: 3315271Rev: 10 views
Sourcepawpatrules
CreatedJune 27, 2020
UpdatedJune 27, 2020
Classificationtrojan-activity
alert dns any any -> any any (msg:"🐾 - ☠ TA505 - DNS request 🌐 - def-update.com - 🎛 Get2 C2"; flow:to_server, stateless; dns_query; content:"def-update.com"; nocase; reference:url,https://www.cert.ssi.gouv.fr/ioc/CERTFR-2020-IOC-004/; reference:url,https://malpedia.caad.fkie.fraunhofer.de/actor/ta505; reference:url,https://malpedia.caad.fkie.fraunhofer.de/details/win.get2; metadata:created_at 2020_06_27, updated_at 2020_06_27; sid:3315271; rev:1; classtype:trojan-activity;)

References

urlhttps://www.cert.ssi.gouv.fr/ioc/CERTFR-2020-IOC-004/
urlhttps://malpedia.caad.fkie.fraunhofer.de/actor/ta505
urlhttps://malpedia.caad.fkie.fraunhofer.de/details/win.get2

Metadata

created at2020_06_27
updated at2020_06_27

Comments (0)

Please sign in to leave a comment.
Sign in

No comments yet. Be the first to comment!