""ET TROJAN Vidar Stealer CnC Domain in DNS Lookup""

SID: 2035872

Revision: 2

Class Type: trojan-activity

Metadata: attack_target Client_Endpoint, created_at 2022_04_07, deployment Perimeter, former_category MALWARE, performance_impact Low, signature_severity Major, updated_at 2022_04_07

Reference:

• Link

Protocol: udp

Source Network: $HOME_NET

Source Port: any

Destination Network: $EXTERNAL_NET

Destination Port: 53

Flow:

Contents:

• Value: "|01|" Depth: 1 Offset: 2

• Value: "|00 01 00 00 00 00 00|"

• Value: "|0f|computerprotect|02|me|00|"

Within: 20

PCRE:

Special Options:

• fast_pattern

source