PAW-PATRULES_LOCKEAN_FQDN.rules
# KXK00OOkxxkO00KX0
# ,NXKxo:,'... ...';cdOXN:
# l;. ..,:ldxkOOOOOOkkxol:,.. .o
# dk lOOOOOOkkkkkkkkkkkOOOOOOx dk
# KNXOc. :0OkkkkkkkkkkkkkkkkkkkkkO0l. :kXNX
# x. .'ckOOkkkkkkkkkkkookkkkkkkkkkOOOl,. .k
# d. o0Okkkkkkkkkkkkk. okkkkkkkkkkOO0k x
# l. c0kkkkkkko. .ckk .kd..'xkkkkkk0x .o
# ;, ;0kkkkkkkc ;ko. .dk. :kkkkkk0l ':
# .l .OOkkkkkkkl. .lkocldkkl. 'xkkkkkOO, c.
# l o0kkkk:..'dkkk. .;okkkkkkkkk0x l
# .: .OOkkk; xk, .:kkkkkO0; ;.
# ;. :0kkkko;,cko :kkkk0d .:
# : oOkkkkkkkk .dkkk0k. :
# : dOkkkkkkk .:odxkkkkkOk. ;
# ; oOkkkkkkx:,,ckkkkkkkkkkOx. ,
# '. ;OOkkkkkkkkkkkkkkkkkOOc '
# ' .lOOkkkkkkkkkkkkkOOd. .
# . .lOOkkkkkkkkkOOo' ..
# ' .;dOOOkOOOx:. .
# .. .,lxo;. ..
# .. ..
#
# ____ ___ __ ____ _ _
#| _ \ / \ \ / / | _ \ __ _| |_ _ __ _ _| | ___ ___
#| |_) / _ \ \ /\ / / | |_) / _` | __| '__| | | | |/ _ \/ __|
#| __/ ___ \ V V / | __/ (_| | |_| | | |_| | | __/\__ \
#|_| /_/ \_\_/\_/ |_| \__,_|\__|_| \__,_|_|\___||___/
#
# IDS Rules for Suricata
# π Charles BLANC-ROLIN β ΅ - https://pawpatrules.fr - https://www.apssis.com - https://github.com/woundride
# Licence CC BY-NC-SA 4.0 : https://creativecommons.org/licenses/by-nc-sa/4.0/
# 🏴‍☠️ Lockean Group - FQDN
# Lockean Group - Cobalt Strike C2 domains, one DNS-query rule per FQDN (sid 3309832-3309846).
# Indicators come from the CERT-FR publications referenced in every rule
# (CERTFR-2021-CTI-008 and CERTFR-2021-IOC-004).
#
# Matching semantics: `content` is evaluated against the dns_query buffer with `nocase` and
# without any anchor (no depth/offset/endswith), so it is a case-insensitive substring test.
# A rule fires for the listed domain, for any of its subdomains, and for any longer query
# name that merely contains the string (constructed example: "akabox.tech" also matches a
# query for "akabox.technology.<tld>").
# NOTE(review): if the deployed engine supports `endswith` (optionally with the `dotprefix`
# transform on the query buffer), anchoring the match would remove that false-positive
# class - confirm the minimum Suricata version this ruleset targets before changing it.
# NOTE(review): the stock reference.config gives the `url` reference type an "http://"
# prefix, so a console that builds links from it may render "http://https://..." - verify.
# The names in this group look like Akamai/cloud-service imitations (inferred from the
# strings only; the rules themselves carry no such label).
alert dns any any -> any any (msg:"πΎ - β DNS Request π > π΄ββ οΈ Lockean Group - Cobalt Strike C2 Domain"; flow:to_server, stateless; dns_query; content:"adjustclouds.com"; nocase; reference: url,https://www.cert.ssi.gouv.fr/cti/CERTFR-2021-CTI-008/; reference: url,https://www.cert.ssi.gouv.fr/ioc/CERTFR-2021-IOC-004/; metadata:created_at 2021_11_03, updated_at 2021_11_03; sid:3309832; rev:1; classtype:trojan-activity;)
alert dns any any -> any any (msg:"πΎ - β DNS Request π > π΄ββ οΈ Lockean Group - Cobalt Strike C2 Domain"; flow:to_server, stateless; dns_query; content:"akabox.space"; nocase; reference: url,https://www.cert.ssi.gouv.fr/cti/CERTFR-2021-CTI-008/; reference: url,https://www.cert.ssi.gouv.fr/ioc/CERTFR-2021-IOC-004/; metadata:created_at 2021_11_03, updated_at 2021_11_03; sid:3309833; rev:1; classtype:trojan-activity;)
alert dns any any -> any any (msg:"πΎ - β DNS Request π > π΄ββ οΈ Lockean Group - Cobalt Strike C2 Domain"; flow:to_server, stateless; dns_query; content:"akabox.tech"; nocase; reference: url,https://www.cert.ssi.gouv.fr/cti/CERTFR-2021-CTI-008/; reference: url,https://www.cert.ssi.gouv.fr/ioc/CERTFR-2021-IOC-004/; metadata:created_at 2021_11_03, updated_at 2021_11_03; sid:3309834; rev:1; classtype:trojan-activity;)
alert dns any any -> any any (msg:"πΎ - β DNS Request π > π΄ββ οΈ Lockean Group - Cobalt Strike C2 Domain"; flow:to_server, stateless; dns_query; content:"akamacloud.pro"; nocase; reference: url,https://www.cert.ssi.gouv.fr/cti/CERTFR-2021-CTI-008/; reference: url,https://www.cert.ssi.gouv.fr/ioc/CERTFR-2021-IOC-004/; metadata:created_at 2021_11_03, updated_at 2021_11_03; sid:3309835; rev:1; classtype:trojan-activity;)
alert dns any any -> any any (msg:"πΎ - β DNS Request π > π΄ββ οΈ Lockean Group - Cobalt Strike C2 Domain"; flow:to_server, stateless; dns_query; content:"akamacloud.tech"; nocase; reference: url,https://www.cert.ssi.gouv.fr/cti/CERTFR-2021-CTI-008/; reference: url,https://www.cert.ssi.gouv.fr/ioc/CERTFR-2021-IOC-004/; metadata:created_at 2021_11_03, updated_at 2021_11_03; sid:3309836; rev:1; classtype:trojan-activity;)
alert dns any any -> any any (msg:"πΎ - β DNS Request π > π΄ββ οΈ Lockean Group - Cobalt Strike C2 Domain"; flow:to_server, stateless; dns_query; content:"akamaclouds.app"; nocase; reference: url,https://www.cert.ssi.gouv.fr/cti/CERTFR-2021-CTI-008/; reference: url,https://www.cert.ssi.gouv.fr/ioc/CERTFR-2021-IOC-004/; metadata:created_at 2021_11_03, updated_at 2021_11_03; sid:3309837; rev:1; classtype:trojan-activity;)
alert dns any any -> any any (msg:"πΎ - β DNS Request π > π΄ββ οΈ Lockean Group - Cobalt Strike C2 Domain"; flow:to_server, stateless; dns_query; content:"akamaclouds.tech"; nocase; reference: url,https://www.cert.ssi.gouv.fr/cti/CERTFR-2021-CTI-008/; reference: url,https://www.cert.ssi.gouv.fr/ioc/CERTFR-2021-IOC-004/; metadata:created_at 2021_11_03, updated_at 2021_11_03; sid:3309838; rev:1; classtype:trojan-activity;)
alert dns any any -> any any (msg:"πΎ - β DNS Request π > π΄ββ οΈ Lockean Group - Cobalt Strike C2 Domain"; flow:to_server, stateless; dns_query; content:"akamai-technologies.digital"; nocase; reference: url,https://www.cert.ssi.gouv.fr/cti/CERTFR-2021-CTI-008/; reference: url,https://www.cert.ssi.gouv.fr/ioc/CERTFR-2021-IOC-004/; metadata:created_at 2021_11_03, updated_at 2021_11_03; sid:3309839; rev:1; classtype:trojan-activity;)
alert dns any any -> any any (msg:"πΎ - β DNS Request π > π΄ββ οΈ Lockean Group - Cobalt Strike C2 Domain"; flow:to_server, stateless; dns_query; content:"akamai-technologies.host"; nocase; reference: url,https://www.cert.ssi.gouv.fr/cti/CERTFR-2021-CTI-008/; reference: url,https://www.cert.ssi.gouv.fr/ioc/CERTFR-2021-IOC-004/; metadata:created_at 2021_11_03, updated_at 2021_11_03; sid:3309840; rev:1; classtype:trojan-activity;)
alert dns any any -> any any (msg:"πΎ - β DNS Request π > π΄ββ οΈ Lockean Group - Cobalt Strike C2 Domain"; flow:to_server, stateless; dns_query; content:"akamai-technologies.online"; nocase; reference: url,https://www.cert.ssi.gouv.fr/cti/CERTFR-2021-CTI-008/; reference: url,https://www.cert.ssi.gouv.fr/ioc/CERTFR-2021-IOC-004/; metadata:created_at 2021_11_03, updated_at 2021_11_03; sid:3309841; rev:1; classtype:trojan-activity;)
alert dns any any -> any any (msg:"πΎ - β DNS Request π > π΄ββ οΈ Lockean Group - Cobalt Strike C2 Domain"; flow:to_server, stateless; dns_query; content:"akamai-technologies.site"; nocase; reference: url,https://www.cert.ssi.gouv.fr/cti/CERTFR-2021-CTI-008/; reference: url,https://www.cert.ssi.gouv.fr/ioc/CERTFR-2021-IOC-004/; metadata:created_at 2021_11_03, updated_at 2021_11_03; sid:3309842; rev:1; classtype:trojan-activity;)
alert dns any any -> any any (msg:"πΎ - β DNS Request π > π΄ββ οΈ Lockean Group - Cobalt Strike C2 Domain"; flow:to_server, stateless; dns_query; content:"akamai-technologies.space"; nocase; reference: url,https://www.cert.ssi.gouv.fr/cti/CERTFR-2021-CTI-008/; reference: url,https://www.cert.ssi.gouv.fr/ioc/CERTFR-2021-IOC-004/; metadata:created_at 2021_11_03, updated_at 2021_11_03; sid:3309843; rev:1; classtype:trojan-activity;)
alert dns any any -> any any (msg:"πΎ - β DNS Request π > π΄ββ οΈ Lockean Group - Cobalt Strike C2 Domain"; flow:to_server, stateless; dns_query; content:"akamai-technologies.website"; nocase; reference: url,https://www.cert.ssi.gouv.fr/cti/CERTFR-2021-CTI-008/; reference: url,https://www.cert.ssi.gouv.fr/ioc/CERTFR-2021-IOC-004/; metadata:created_at 2021_11_03, updated_at 2021_11_03; sid:3309844; rev:1; classtype:trojan-activity;)
alert dns any any -> any any (msg:"πΎ - β DNS Request π > π΄ββ οΈ Lockean Group - Cobalt Strike C2 Domain"; flow:to_server, stateless; dns_query; content:"akamalupdate.site"; nocase; reference: url,https://www.cert.ssi.gouv.fr/cti/CERTFR-2021-CTI-008/; reference: url,https://www.cert.ssi.gouv.fr/ioc/CERTFR-2021-IOC-004/; metadata:created_at 2021_11_03, updated_at 2021_11_03; sid:3309845; rev:1; classtype:trojan-activity;)
alert dns any any -> any any (msg:"πΎ - β DNS Request π > π΄ββ οΈ Lockean Group - Cobalt Strike C2 Domain"; flow:to_server, stateless; dns_query; content:"akastat.app"; nocase; reference: url,https://www.cert.ssi.gouv.fr/cti/CERTFR-2021-CTI-008/; reference: url,https://www.cert.ssi.gouv.fr/ioc/CERTFR-2021-IOC-004/; metadata:created_at 2021_11_03, updated_at 2021_11_03; sid:3309846; rev:1; classtype:trojan-activity;)
# sid 3309847-3309881: the "amajai-", "amamai-", "amapai-", "amatai-" and "amazai-"
# "-technologies" families across many TLDs, plus "amasonstore.com".
# Each rule is a case-insensitive, unanchored substring test on the DNS query name
# (dns_query + content + nocase, no endswith/depth), so subdomains of a listed name match too,
# as does any longer name containing the string.
# The "amamai-tecnologies.*" entries are spelled without the "h" in this file.
# NOTE(review): keep that spelling unless the CERT-FR IOC list (CERTFR-2021-IOC-004) says
# otherwise - "correcting" it would silently change which queries are detected.
# Every rule is rev:1 with created_at == updated_at (2021_11_03), i.e. unchanged since it was added.
alert dns any any -> any any (msg:"πΎ - β DNS Request π > π΄ββ οΈ Lockean Group - Cobalt Strike C2 Domain"; flow:to_server, stateless; dns_query; content:"amajai-technologies.digital"; nocase; reference: url,https://www.cert.ssi.gouv.fr/cti/CERTFR-2021-CTI-008/; reference: url,https://www.cert.ssi.gouv.fr/ioc/CERTFR-2021-IOC-004/; metadata:created_at 2021_11_03, updated_at 2021_11_03; sid:3309847; rev:1; classtype:trojan-activity;)
alert dns any any -> any any (msg:"πΎ - β DNS Request π > π΄ββ οΈ Lockean Group - Cobalt Strike C2 Domain"; flow:to_server, stateless; dns_query; content:"amajai-technologies.host"; nocase; reference: url,https://www.cert.ssi.gouv.fr/cti/CERTFR-2021-CTI-008/; reference: url,https://www.cert.ssi.gouv.fr/ioc/CERTFR-2021-IOC-004/; metadata:created_at 2021_11_03, updated_at 2021_11_03; sid:3309848; rev:1; classtype:trojan-activity;)
alert dns any any -> any any (msg:"πΎ - β DNS Request π > π΄ββ οΈ Lockean Group - Cobalt Strike C2 Domain"; flow:to_server, stateless; dns_query; content:"amajai-technologies.industries"; nocase; reference: url,https://www.cert.ssi.gouv.fr/cti/CERTFR-2021-CTI-008/; reference: url,https://www.cert.ssi.gouv.fr/ioc/CERTFR-2021-IOC-004/; metadata:created_at 2021_11_03, updated_at 2021_11_03; sid:3309849; rev:1; classtype:trojan-activity;)
alert dns any any -> any any (msg:"πΎ - β DNS Request π > π΄ββ οΈ Lockean Group - Cobalt Strike C2 Domain"; flow:to_server, stateless; dns_query; content:"amajai-technologies.network"; nocase; reference: url,https://www.cert.ssi.gouv.fr/cti/CERTFR-2021-CTI-008/; reference: url,https://www.cert.ssi.gouv.fr/ioc/CERTFR-2021-IOC-004/; metadata:created_at 2021_11_03, updated_at 2021_11_03; sid:3309850; rev:1; classtype:trojan-activity;)
alert dns any any -> any any (msg:"πΎ - β DNS Request π > π΄ββ οΈ Lockean Group - Cobalt Strike C2 Domain"; flow:to_server, stateless; dns_query; content:"amajai-technologies.online"; nocase; reference: url,https://www.cert.ssi.gouv.fr/cti/CERTFR-2021-CTI-008/; reference: url,https://www.cert.ssi.gouv.fr/ioc/CERTFR-2021-IOC-004/; metadata:created_at 2021_11_03, updated_at 2021_11_03; sid:3309851; rev:1; classtype:trojan-activity;)
alert dns any any -> any any (msg:"πΎ - β DNS Request π > π΄ββ οΈ Lockean Group - Cobalt Strike C2 Domain"; flow:to_server, stateless; dns_query; content:"amajai-technologies.site"; nocase; reference: url,https://www.cert.ssi.gouv.fr/cti/CERTFR-2021-CTI-008/; reference: url,https://www.cert.ssi.gouv.fr/ioc/CERTFR-2021-IOC-004/; metadata:created_at 2021_11_03, updated_at 2021_11_03; sid:3309852; rev:1; classtype:trojan-activity;)
alert dns any any -> any any (msg:"πΎ - β DNS Request π > π΄ββ οΈ Lockean Group - Cobalt Strike C2 Domain"; flow:to_server, stateless; dns_query; content:"amajai-technologies.space"; nocase; reference: url,https://www.cert.ssi.gouv.fr/cti/CERTFR-2021-CTI-008/; reference: url,https://www.cert.ssi.gouv.fr/ioc/CERTFR-2021-IOC-004/; metadata:created_at 2021_11_03, updated_at 2021_11_03; sid:3309853; rev:1; classtype:trojan-activity;)
alert dns any any -> any any (msg:"πΎ - β DNS Request π > π΄ββ οΈ Lockean Group - Cobalt Strike C2 Domain"; flow:to_server, stateless; dns_query; content:"amajai-technologies.support"; nocase; reference: url,https://www.cert.ssi.gouv.fr/cti/CERTFR-2021-CTI-008/; reference: url,https://www.cert.ssi.gouv.fr/ioc/CERTFR-2021-IOC-004/; metadata:created_at 2021_11_03, updated_at 2021_11_03; sid:3309854; rev:1; classtype:trojan-activity;)
alert dns any any -> any any (msg:"πΎ - β DNS Request π > π΄ββ οΈ Lockean Group - Cobalt Strike C2 Domain"; flow:to_server, stateless; dns_query; content:"amajai-technologies.tech"; nocase; reference: url,https://www.cert.ssi.gouv.fr/cti/CERTFR-2021-CTI-008/; reference: url,https://www.cert.ssi.gouv.fr/ioc/CERTFR-2021-IOC-004/; metadata:created_at 2021_11_03, updated_at 2021_11_03; sid:3309855; rev:1; classtype:trojan-activity;)
alert dns any any -> any any (msg:"πΎ - β DNS Request π > π΄ββ οΈ Lockean Group - Cobalt Strike C2 Domain"; flow:to_server, stateless; dns_query; content:"amajai-technologies.trade"; nocase; reference: url,https://www.cert.ssi.gouv.fr/cti/CERTFR-2021-CTI-008/; reference: url,https://www.cert.ssi.gouv.fr/ioc/CERTFR-2021-IOC-004/; metadata:created_at 2021_11_03, updated_at 2021_11_03; sid:3309856; rev:1; classtype:trojan-activity;)
alert dns any any -> any any (msg:"πΎ - β DNS Request π > π΄ββ οΈ Lockean Group - Cobalt Strike C2 Domain"; flow:to_server, stateless; dns_query; content:"amajai-technologies.website"; nocase; reference: url,https://www.cert.ssi.gouv.fr/cti/CERTFR-2021-CTI-008/; reference: url,https://www.cert.ssi.gouv.fr/ioc/CERTFR-2021-IOC-004/; metadata:created_at 2021_11_03, updated_at 2021_11_03; sid:3309857; rev:1; classtype:trojan-activity;)
alert dns any any -> any any (msg:"πΎ - β DNS Request π > π΄ββ οΈ Lockean Group - Cobalt Strike C2 Domain"; flow:to_server, stateless; dns_query; content:"amajai-technologies.work"; nocase; reference: url,https://www.cert.ssi.gouv.fr/cti/CERTFR-2021-CTI-008/; reference: url,https://www.cert.ssi.gouv.fr/ioc/CERTFR-2021-IOC-004/; metadata:created_at 2021_11_03, updated_at 2021_11_03; sid:3309858; rev:1; classtype:trojan-activity;)
alert dns any any -> any any (msg:"πΎ - β DNS Request π > π΄ββ οΈ Lockean Group - Cobalt Strike C2 Domain"; flow:to_server, stateless; dns_query; content:"amajai-technologies.world"; nocase; reference: url,https://www.cert.ssi.gouv.fr/cti/CERTFR-2021-CTI-008/; reference: url,https://www.cert.ssi.gouv.fr/ioc/CERTFR-2021-IOC-004/; metadata:created_at 2021_11_03, updated_at 2021_11_03; sid:3309859; rev:1; classtype:trojan-activity;)
alert dns any any -> any any (msg:"πΎ - β DNS Request π > π΄ββ οΈ Lockean Group - Cobalt Strike C2 Domain"; flow:to_server, stateless; dns_query; content:"amamai-tecnologies.cloud"; nocase; reference: url,https://www.cert.ssi.gouv.fr/cti/CERTFR-2021-CTI-008/; reference: url,https://www.cert.ssi.gouv.fr/ioc/CERTFR-2021-IOC-004/; metadata:created_at 2021_11_03, updated_at 2021_11_03; sid:3309860; rev:1; classtype:trojan-activity;)
alert dns any any -> any any (msg:"πΎ - β DNS Request π > π΄ββ οΈ Lockean Group - Cobalt Strike C2 Domain"; flow:to_server, stateless; dns_query; content:"amamai-tecnologies.digital"; nocase; reference: url,https://www.cert.ssi.gouv.fr/cti/CERTFR-2021-CTI-008/; reference: url,https://www.cert.ssi.gouv.fr/ioc/CERTFR-2021-IOC-004/; metadata:created_at 2021_11_03, updated_at 2021_11_03; sid:3309861; rev:1; classtype:trojan-activity;)
alert dns any any -> any any (msg:"πΎ - β DNS Request π > π΄ββ οΈ Lockean Group - Cobalt Strike C2 Domain"; flow:to_server, stateless; dns_query; content:"amamai-tecnologies.space"; nocase; reference: url,https://www.cert.ssi.gouv.fr/cti/CERTFR-2021-CTI-008/; reference: url,https://www.cert.ssi.gouv.fr/ioc/CERTFR-2021-IOC-004/; metadata:created_at 2021_11_03, updated_at 2021_11_03; sid:3309862; rev:1; classtype:trojan-activity;)
alert dns any any -> any any (msg:"πΎ - β DNS Request π > π΄ββ οΈ Lockean Group - Cobalt Strike C2 Domain"; flow:to_server, stateless; dns_query; content:"amapai-technologies.digital"; nocase; reference: url,https://www.cert.ssi.gouv.fr/cti/CERTFR-2021-CTI-008/; reference: url,https://www.cert.ssi.gouv.fr/ioc/CERTFR-2021-IOC-004/; metadata:created_at 2021_11_03, updated_at 2021_11_03; sid:3309863; rev:1; classtype:trojan-activity;)
alert dns any any -> any any (msg:"πΎ - β DNS Request π > π΄ββ οΈ Lockean Group - Cobalt Strike C2 Domain"; flow:to_server, stateless; dns_query; content:"amapai-technologies.email"; nocase; reference: url,https://www.cert.ssi.gouv.fr/cti/CERTFR-2021-CTI-008/; reference: url,https://www.cert.ssi.gouv.fr/ioc/CERTFR-2021-IOC-004/; metadata:created_at 2021_11_03, updated_at 2021_11_03; sid:3309864; rev:1; classtype:trojan-activity;)
alert dns any any -> any any (msg:"πΎ - β DNS Request π > π΄ββ οΈ Lockean Group - Cobalt Strike C2 Domain"; flow:to_server, stateless; dns_query; content:"amapai-technologies.site"; nocase; reference: url,https://www.cert.ssi.gouv.fr/cti/CERTFR-2021-CTI-008/; reference: url,https://www.cert.ssi.gouv.fr/ioc/CERTFR-2021-IOC-004/; metadata:created_at 2021_11_03, updated_at 2021_11_03; sid:3309865; rev:1; classtype:trojan-activity;)
alert dns any any -> any any (msg:"πΎ - β DNS Request π > π΄ββ οΈ Lockean Group - Cobalt Strike C2 Domain"; flow:to_server, stateless; dns_query; content:"amapai-technologies.space"; nocase; reference: url,https://www.cert.ssi.gouv.fr/cti/CERTFR-2021-CTI-008/; reference: url,https://www.cert.ssi.gouv.fr/ioc/CERTFR-2021-IOC-004/; metadata:created_at 2021_11_03, updated_at 2021_11_03; sid:3309866; rev:1; classtype:trojan-activity;)
alert dns any any -> any any (msg:"πΎ - β DNS Request π > π΄ββ οΈ Lockean Group - Cobalt Strike C2 Domain"; flow:to_server, stateless; dns_query; content:"amapai-technologies.support"; nocase; reference: url,https://www.cert.ssi.gouv.fr/cti/CERTFR-2021-CTI-008/; reference: url,https://www.cert.ssi.gouv.fr/ioc/CERTFR-2021-IOC-004/; metadata:created_at 2021_11_03, updated_at 2021_11_03; sid:3309867; rev:1; classtype:trojan-activity;)
alert dns any any -> any any (msg:"πΎ - β DNS Request π > π΄ββ οΈ Lockean Group - Cobalt Strike C2 Domain"; flow:to_server, stateless; dns_query; content:"amapai-technologies.website"; nocase; reference: url,https://www.cert.ssi.gouv.fr/cti/CERTFR-2021-CTI-008/; reference: url,https://www.cert.ssi.gouv.fr/ioc/CERTFR-2021-IOC-004/; metadata:created_at 2021_11_03, updated_at 2021_11_03; sid:3309868; rev:1; classtype:trojan-activity;)
alert dns any any -> any any (msg:"πΎ - β DNS Request π > π΄ββ οΈ Lockean Group - Cobalt Strike C2 Domain"; flow:to_server, stateless; dns_query; content:"amapai-technologies.work"; nocase; reference: url,https://www.cert.ssi.gouv.fr/cti/CERTFR-2021-CTI-008/; reference: url,https://www.cert.ssi.gouv.fr/ioc/CERTFR-2021-IOC-004/; metadata:created_at 2021_11_03, updated_at 2021_11_03; sid:3309869; rev:1; classtype:trojan-activity;)
alert dns any any -> any any (msg:"πΎ - β DNS Request π > π΄ββ οΈ Lockean Group - Cobalt Strike C2 Domain"; flow:to_server, stateless; dns_query; content:"amapai-technologies.world"; nocase; reference: url,https://www.cert.ssi.gouv.fr/cti/CERTFR-2021-CTI-008/; reference: url,https://www.cert.ssi.gouv.fr/ioc/CERTFR-2021-IOC-004/; metadata:created_at 2021_11_03, updated_at 2021_11_03; sid:3309870; rev:1; classtype:trojan-activity;)
alert dns any any -> any any (msg:"πΎ - β DNS Request π > π΄ββ οΈ Lockean Group - Cobalt Strike C2 Domain"; flow:to_server, stateless; dns_query; content:"amasonstore.com"; nocase; reference: url,https://www.cert.ssi.gouv.fr/cti/CERTFR-2021-CTI-008/; reference: url,https://www.cert.ssi.gouv.fr/ioc/CERTFR-2021-IOC-004/; metadata:created_at 2021_11_03, updated_at 2021_11_03; sid:3309871; rev:1; classtype:trojan-activity;)
alert dns any any -> any any (msg:"πΎ - β DNS Request π > π΄ββ οΈ Lockean Group - Cobalt Strike C2 Domain"; flow:to_server, stateless; dns_query; content:"amatai-technologies.digital"; nocase; reference: url,https://www.cert.ssi.gouv.fr/cti/CERTFR-2021-CTI-008/; reference: url,https://www.cert.ssi.gouv.fr/ioc/CERTFR-2021-IOC-004/; metadata:created_at 2021_11_03, updated_at 2021_11_03; sid:3309872; rev:1; classtype:trojan-activity;)
alert dns any any -> any any (msg:"πΎ - β DNS Request π > π΄ββ οΈ Lockean Group - Cobalt Strike C2 Domain"; flow:to_server, stateless; dns_query; content:"amatai-technologies.site"; nocase; reference: url,https://www.cert.ssi.gouv.fr/cti/CERTFR-2021-CTI-008/; reference: url,https://www.cert.ssi.gouv.fr/ioc/CERTFR-2021-IOC-004/; metadata:created_at 2021_11_03, updated_at 2021_11_03; sid:3309873; rev:1; classtype:trojan-activity;)
alert dns any any -> any any (msg:"πΎ - β DNS Request π > π΄ββ οΈ Lockean Group - Cobalt Strike C2 Domain"; flow:to_server, stateless; dns_query; content:"amatai-technologies.space"; nocase; reference: url,https://www.cert.ssi.gouv.fr/cti/CERTFR-2021-CTI-008/; reference: url,https://www.cert.ssi.gouv.fr/ioc/CERTFR-2021-IOC-004/; metadata:created_at 2021_11_03, updated_at 2021_11_03; sid:3309874; rev:1; classtype:trojan-activity;)
alert dns any any -> any any (msg:"πΎ - β DNS Request π > π΄ββ οΈ Lockean Group - Cobalt Strike C2 Domain"; flow:to_server, stateless; dns_query; content:"amatai-technologies.website"; nocase; reference: url,https://www.cert.ssi.gouv.fr/cti/CERTFR-2021-CTI-008/; reference: url,https://www.cert.ssi.gouv.fr/ioc/CERTFR-2021-IOC-004/; metadata:created_at 2021_11_03, updated_at 2021_11_03; sid:3309875; rev:1; classtype:trojan-activity;)
alert dns any any -> any any (msg:"πΎ - β DNS Request π > π΄ββ οΈ Lockean Group - Cobalt Strike C2 Domain"; flow:to_server, stateless; dns_query; content:"amazai-technologies.online"; nocase; reference: url,https://www.cert.ssi.gouv.fr/cti/CERTFR-2021-CTI-008/; reference: url,https://www.cert.ssi.gouv.fr/ioc/CERTFR-2021-IOC-004/; metadata:created_at 2021_11_03, updated_at 2021_11_03; sid:3309876; rev:1; classtype:trojan-activity;)
alert dns any any -> any any (msg:"πΎ - β DNS Request π > π΄ββ οΈ Lockean Group - Cobalt Strike C2 Domain"; flow:to_server, stateless; dns_query; content:"amazai-technologies.site"; nocase; reference: url,https://www.cert.ssi.gouv.fr/cti/CERTFR-2021-CTI-008/; reference: url,https://www.cert.ssi.gouv.fr/ioc/CERTFR-2021-IOC-004/; metadata:created_at 2021_11_03, updated_at 2021_11_03; sid:3309877; rev:1; classtype:trojan-activity;)
alert dns any any -> any any (msg:"πΎ - β DNS Request π > π΄ββ οΈ Lockean Group - Cobalt Strike C2 Domain"; flow:to_server, stateless; dns_query; content:"amazai-technologies.space"; nocase; reference: url,https://www.cert.ssi.gouv.fr/cti/CERTFR-2021-CTI-008/; reference: url,https://www.cert.ssi.gouv.fr/ioc/CERTFR-2021-IOC-004/; metadata:created_at 2021_11_03, updated_at 2021_11_03; sid:3309878; rev:1; classtype:trojan-activity;)
alert dns any any -> any any (msg:"πΎ - β DNS Request π > π΄ββ οΈ Lockean Group - Cobalt Strike C2 Domain"; flow:to_server, stateless; dns_query; content:"amazai-technologies.support"; nocase; reference: url,https://www.cert.ssi.gouv.fr/cti/CERTFR-2021-CTI-008/; reference: url,https://www.cert.ssi.gouv.fr/ioc/CERTFR-2021-IOC-004/; metadata:created_at 2021_11_03, updated_at 2021_11_03; sid:3309879; rev:1; classtype:trojan-activity;)
alert dns any any -> any any (msg:"πΎ - β DNS Request π > π΄ββ οΈ Lockean Group - Cobalt Strike C2 Domain"; flow:to_server, stateless; dns_query; content:"amazai-technologies.website"; nocase; reference: url,https://www.cert.ssi.gouv.fr/cti/CERTFR-2021-CTI-008/; reference: url,https://www.cert.ssi.gouv.fr/ioc/CERTFR-2021-IOC-004/; metadata:created_at 2021_11_03, updated_at 2021_11_03; sid:3309880; rev:1; classtype:trojan-activity;)
alert dns any any -> any any (msg:"πΎ - β DNS Request π > π΄ββ οΈ Lockean Group - Cobalt Strike C2 Domain"; flow:to_server, stateless; dns_query; content:"amazai-technologies.world"; nocase; reference: url,https://www.cert.ssi.gouv.fr/cti/CERTFR-2021-CTI-008/; reference: url,https://www.cert.ssi.gouv.fr/ioc/CERTFR-2021-IOC-004/; metadata:created_at 2021_11_03, updated_at 2021_11_03; sid:3309881; rev:1; classtype:trojan-activity;)
# sid 3309882-3309892: "asurecloud", "asureupdate", "atakai-technologies", "azuresecure"
# and "azurestat" names.
# The rules alert on the DNS request (flow:to_server) from any source to any destination.
# NOTE(review): when the sensor sits between an internal recursive resolver and the
# Internet, the alert's source address will presumably be the resolver rather than the
# querying host - pivot to resolver/query logs to find the actual client.
# The match is an unanchored, case-insensitive substring of the query name, so short
# TLD-terminated strings can overlap longer unrelated names (constructed example:
# "asurecloud.pro" is contained in "asurecloud.production.<tld>").
alert dns any any -> any any (msg:"πΎ - β DNS Request π > π΄ββ οΈ Lockean Group - Cobalt Strike C2 Domain"; flow:to_server, stateless; dns_query; content:"asurecloud.pro"; nocase; reference: url,https://www.cert.ssi.gouv.fr/cti/CERTFR-2021-CTI-008/; reference: url,https://www.cert.ssi.gouv.fr/ioc/CERTFR-2021-IOC-004/; metadata:created_at 2021_11_03, updated_at 2021_11_03; sid:3309882; rev:1; classtype:trojan-activity;)
alert dns any any -> any any (msg:"πΎ - β DNS Request π > π΄ββ οΈ Lockean Group - Cobalt Strike C2 Domain"; flow:to_server, stateless; dns_query; content:"asurecloud.tech"; nocase; reference: url,https://www.cert.ssi.gouv.fr/cti/CERTFR-2021-CTI-008/; reference: url,https://www.cert.ssi.gouv.fr/ioc/CERTFR-2021-IOC-004/; metadata:created_at 2021_11_03, updated_at 2021_11_03; sid:3309883; rev:1; classtype:trojan-activity;)
alert dns any any -> any any (msg:"πΎ - β DNS Request π > π΄ββ οΈ Lockean Group - Cobalt Strike C2 Domain"; flow:to_server, stateless; dns_query; content:"asureupdate.pro"; nocase; reference: url,https://www.cert.ssi.gouv.fr/cti/CERTFR-2021-CTI-008/; reference: url,https://www.cert.ssi.gouv.fr/ioc/CERTFR-2021-IOC-004/; metadata:created_at 2021_11_03, updated_at 2021_11_03; sid:3309884; rev:1; classtype:trojan-activity;)
alert dns any any -> any any (msg:"πΎ - β DNS Request π > π΄ββ οΈ Lockean Group - Cobalt Strike C2 Domain"; flow:to_server, stateless; dns_query; content:"asureupdate.tech"; nocase; reference: url,https://www.cert.ssi.gouv.fr/cti/CERTFR-2021-CTI-008/; reference: url,https://www.cert.ssi.gouv.fr/ioc/CERTFR-2021-IOC-004/; metadata:created_at 2021_11_03, updated_at 2021_11_03; sid:3309885; rev:1; classtype:trojan-activity;)
alert dns any any -> any any (msg:"πΎ - β DNS Request π > π΄ββ οΈ Lockean Group - Cobalt Strike C2 Domain"; flow:to_server, stateless; dns_query; content:"atakai-technologies.host"; nocase; reference: url,https://www.cert.ssi.gouv.fr/cti/CERTFR-2021-CTI-008/; reference: url,https://www.cert.ssi.gouv.fr/ioc/CERTFR-2021-IOC-004/; metadata:created_at 2021_11_03, updated_at 2021_11_03; sid:3309886; rev:1; classtype:trojan-activity;)
alert dns any any -> any any (msg:"πΎ - β DNS Request π > π΄ββ οΈ Lockean Group - Cobalt Strike C2 Domain"; flow:to_server, stateless; dns_query; content:"atakai-technologies.online"; nocase; reference: url,https://www.cert.ssi.gouv.fr/cti/CERTFR-2021-CTI-008/; reference: url,https://www.cert.ssi.gouv.fr/ioc/CERTFR-2021-IOC-004/; metadata:created_at 2021_11_03, updated_at 2021_11_03; sid:3309887; rev:1; classtype:trojan-activity;)
alert dns any any -> any any (msg:"πΎ - β DNS Request π > π΄ββ οΈ Lockean Group - Cobalt Strike C2 Domain"; flow:to_server, stateless; dns_query; content:"atakai-technologies.space"; nocase; reference: url,https://www.cert.ssi.gouv.fr/cti/CERTFR-2021-CTI-008/; reference: url,https://www.cert.ssi.gouv.fr/ioc/CERTFR-2021-IOC-004/; metadata:created_at 2021_11_03, updated_at 2021_11_03; sid:3309888; rev:1; classtype:trojan-activity;)
alert dns any any -> any any (msg:"πΎ - β DNS Request π > π΄ββ οΈ Lockean Group - Cobalt Strike C2 Domain"; flow:to_server, stateless; dns_query; content:"atakai-technologies.website"; nocase; reference: url,https://www.cert.ssi.gouv.fr/cti/CERTFR-2021-CTI-008/; reference: url,https://www.cert.ssi.gouv.fr/ioc/CERTFR-2021-IOC-004/; metadata:created_at 2021_11_03, updated_at 2021_11_03; sid:3309889; rev:1; classtype:trojan-activity;)
alert dns any any -> any any (msg:"πΎ - β DNS Request π > π΄ββ οΈ Lockean Group - Cobalt Strike C2 Domain"; flow:to_server, stateless; dns_query; content:"atakai-technologies.work"; nocase; reference: url,https://www.cert.ssi.gouv.fr/cti/CERTFR-2021-CTI-008/; reference: url,https://www.cert.ssi.gouv.fr/ioc/CERTFR-2021-IOC-004/; metadata:created_at 2021_11_03, updated_at 2021_11_03; sid:3309890; rev:1; classtype:trojan-activity;)
alert dns any any -> any any (msg:"πΎ - β DNS Request π > π΄ββ οΈ Lockean Group - Cobalt Strike C2 Domain"; flow:to_server, stateless; dns_query; content:"azuresecure.tech"; nocase; reference: url,https://www.cert.ssi.gouv.fr/cti/CERTFR-2021-CTI-008/; reference: url,https://www.cert.ssi.gouv.fr/ioc/CERTFR-2021-IOC-004/; metadata:created_at 2021_11_03, updated_at 2021_11_03; sid:3309891; rev:1; classtype:trojan-activity;)
alert dns any any -> any any (msg:"πΎ - β DNS Request π > π΄ββ οΈ Lockean Group - Cobalt Strike C2 Domain"; flow:to_server, stateless; dns_query; content:"azurestat.app"; nocase; reference: url,https://www.cert.ssi.gouv.fr/cti/CERTFR-2021-CTI-008/; reference: url,https://www.cert.ssi.gouv.fr/ioc/CERTFR-2021-IOC-004/; metadata:created_at 2021_11_03, updated_at 2021_11_03; sid:3309892; rev:1; classtype:trojan-activity;)
# sid 3309893-3309907: remaining names in this part of the list ("c2.hax.vg" through
# "madesecuritybusiness.com"); same rule template as the rest of the file.
# "c2.hax.vg" is the only entry here with a host label in front of the registered name.
# Because the match is a substring of the query, it fires for that FQDN and for names
# containing it, but not for other hosts under "hax.vg".
# All rules are rev:1, created and last updated 2021_11_03.
# NOTE(review): domain indicators of this age may have lapsed or changed hands - treat a
# hit as a lead to correlate with host and proxy telemetry, and review the list against
# the current CERT-FR IOC feed when tuning.
alert dns any any -> any any (msg:"πΎ - β DNS Request π > π΄ββ οΈ Lockean Group - Cobalt Strike C2 Domain"; flow:to_server, stateless; dns_query; content:"c2.hax.vg"; nocase; reference: url,https://www.cert.ssi.gouv.fr/cti/CERTFR-2021-CTI-008/; reference: url,https://www.cert.ssi.gouv.fr/ioc/CERTFR-2021-IOC-004/; metadata:created_at 2021_11_03, updated_at 2021_11_03; sid:3309893; rev:1; classtype:trojan-activity;)
alert dns any any -> any any (msg:"πΎ - β DNS Request π > π΄ββ οΈ Lockean Group - Cobalt Strike C2 Domain"; flow:to_server, stateless; dns_query; content:"cdnengine.biz"; nocase; reference: url,https://www.cert.ssi.gouv.fr/cti/CERTFR-2021-CTI-008/; reference: url,https://www.cert.ssi.gouv.fr/ioc/CERTFR-2021-IOC-004/; metadata:created_at 2021_11_03, updated_at 2021_11_03; sid:3309894; rev:1; classtype:trojan-activity;)
alert dns any any -> any any (msg:"πΎ - β DNS Request π > π΄ββ οΈ Lockean Group - Cobalt Strike C2 Domain"; flow:to_server, stateless; dns_query; content:"classworldint.com"; nocase; reference: url,https://www.cert.ssi.gouv.fr/cti/CERTFR-2021-CTI-008/; reference: url,https://www.cert.ssi.gouv.fr/ioc/CERTFR-2021-IOC-004/; metadata:created_at 2021_11_03, updated_at 2021_11_03; sid:3309895; rev:1; classtype:trojan-activity;)
alert dns any any -> any any (msg:"πΎ - β DNS Request π > π΄ββ οΈ Lockean Group - Cobalt Strike C2 Domain"; flow:to_server, stateless; dns_query; content:"cloudflace-network.digital"; nocase; reference: url,https://www.cert.ssi.gouv.fr/cti/CERTFR-2021-CTI-008/; reference: url,https://www.cert.ssi.gouv.fr/ioc/CERTFR-2021-IOC-004/; metadata:created_at 2021_11_03, updated_at 2021_11_03; sid:3309896; rev:1; classtype:trojan-activity;)
alert dns any any -> any any (msg:"πΎ - β DNS Request π > π΄ββ οΈ Lockean Group - Cobalt Strike C2 Domain"; flow:to_server, stateless; dns_query; content:"cloudmetric.online"; nocase; reference: url,https://www.cert.ssi.gouv.fr/cti/CERTFR-2021-CTI-008/; reference: url,https://www.cert.ssi.gouv.fr/ioc/CERTFR-2021-IOC-004/; metadata:created_at 2021_11_03, updated_at 2021_11_03; sid:3309897; rev:1; classtype:trojan-activity;)
alert dns any any -> any any (msg:"πΎ - β DNS Request π > π΄ββ οΈ Lockean Group - Cobalt Strike C2 Domain"; flow:to_server, stateless; dns_query; content:"dealsforyoutoday.org"; nocase; reference: url,https://www.cert.ssi.gouv.fr/cti/CERTFR-2021-CTI-008/; reference: url,https://www.cert.ssi.gouv.fr/ioc/CERTFR-2021-IOC-004/; metadata:created_at 2021_11_03, updated_at 2021_11_03; sid:3309898; rev:1; classtype:trojan-activity;)
alert dns any any -> any any (msg:"πΎ - β DNS Request π > π΄ββ οΈ Lockean Group - Cobalt Strike C2 Domain"; flow:to_server, stateless; dns_query; content:"displaychecks.com"; nocase; reference: url,https://www.cert.ssi.gouv.fr/cti/CERTFR-2021-CTI-008/; reference: url,https://www.cert.ssi.gouv.fr/ioc/CERTFR-2021-IOC-004/; metadata:created_at 2021_11_03, updated_at 2021_11_03; sid:3309899; rev:1; classtype:trojan-activity;)
alert dns any any -> any any (msg:"πΎ - β DNS Request π > π΄ββ οΈ Lockean Group - Cobalt Strike C2 Domain"; flow:to_server, stateless; dns_query; content:"electronicwhosaleonline.com"; nocase; reference: url,https://www.cert.ssi.gouv.fr/cti/CERTFR-2021-CTI-008/; reference: url,https://www.cert.ssi.gouv.fr/ioc/CERTFR-2021-IOC-004/; metadata:created_at 2021_11_03, updated_at 2021_11_03; sid:3309900; rev:1; classtype:trojan-activity;)
alert dns any any -> any any (msg:"πΎ - β DNS Request π > π΄ββ οΈ Lockean Group - Cobalt Strike C2 Domain"; flow:to_server, stateless; dns_query; content:"entirelysecuritybusiness.com"; nocase; reference: url,https://www.cert.ssi.gouv.fr/cti/CERTFR-2021-CTI-008/; reference: url,https://www.cert.ssi.gouv.fr/ioc/CERTFR-2021-IOC-004/; metadata:created_at 2021_11_03, updated_at 2021_11_03; sid:3309901; rev:1; classtype:trojan-activity;)
alert dns any any -> any any (msg:"πΎ - β DNS Request π > π΄ββ οΈ Lockean Group - Cobalt Strike C2 Domain"; flow:to_server, stateless; dns_query; content:"hesitatesecuritybusiness.com"; nocase; reference: url,https://www.cert.ssi.gouv.fr/cti/CERTFR-2021-CTI-008/; reference: url,https://www.cert.ssi.gouv.fr/ioc/CERTFR-2021-IOC-004/; metadata:created_at 2021_11_03, updated_at 2021_11_03; sid:3309902; rev:1; classtype:trojan-activity;)
alert dns any any -> any any (msg:"πΎ - β DNS Request π > π΄ββ οΈ Lockean Group - Cobalt Strike C2 Domain"; flow:to_server, stateless; dns_query; content:"itstrueloves.com"; nocase; reference: url,https://www.cert.ssi.gouv.fr/cti/CERTFR-2021-CTI-008/; reference: url,https://www.cert.ssi.gouv.fr/ioc/CERTFR-2021-IOC-004/; metadata:created_at 2021_11_03, updated_at 2021_11_03; sid:3309903; rev:1; classtype:trojan-activity;)
alert dns any any -> any any (msg:"πΎ - β DNS Request π > π΄ββ οΈ Lockean Group - Cobalt Strike C2 Domain"; flow:to_server, stateless; dns_query; content:"justicedev.com"; nocase; reference: url,https://www.cert.ssi.gouv.fr/cti/CERTFR-2021-CTI-008/; reference: url,https://www.cert.ssi.gouv.fr/ioc/CERTFR-2021-IOC-004/; metadata:created_at 2021_11_03, updated_at 2021_11_03; sid:3309904; rev:1; classtype:trojan-activity;)
alert dns any any -> any any (msg:"πΎ - β DNS Request π > π΄ββ οΈ Lockean Group - Cobalt Strike C2 Domain"; flow:to_server, stateless; dns_query; content:"killsecuritybusiness.com"; nocase; reference: url,https://www.cert.ssi.gouv.fr/cti/CERTFR-2021-CTI-008/; reference: url,https://www.cert.ssi.gouv.fr/ioc/CERTFR-2021-IOC-004/; metadata:created_at 2021_11_03, updated_at 2021_11_03; sid:3309905; rev:1; classtype:trojan-activity;)
alert dns any any -> any any (msg:"πΎ - β DNS Request π > π΄ββ οΈ Lockean Group - Cobalt Strike C2 Domain"; flow:to_server, stateless; dns_query; content:"knotsecuritybusiness.com"; nocase; reference: url,https://www.cert.ssi.gouv.fr/cti/CERTFR-2021-CTI-008/; reference: url,https://www.cert.ssi.gouv.fr/ioc/CERTFR-2021-IOC-004/; metadata:created_at 2021_11_03, updated_at 2021_11_03; sid:3309906; rev:1; classtype:trojan-activity;)
alert dns any any -> any any (msg:"πΎ - β DNS Request π > π΄ββ οΈ Lockean Group - Cobalt Strike C2 Domain"; flow:to_server, stateless; dns_query; content:"madesecuritybusiness.com"; nocase; reference: url,https://www.cert.ssi.gouv.fr/cti/CERTFR-2021-CTI-008/; reference: url,https://www.cert.ssi.gouv.fr/ioc/CERTFR-2021-IOC-004/; metadata:created_at 2021_11_03, updated_at 2021_11_03; sid:3309907; rev:1; classtype:trojan-activity;)
alert dns any any -> any any (msg:"πΎ - β DNS Request π > π΄ββ οΈ Lockean Group - Cobalt Strike C2 Domain"; flow:to_server, stateless; dns_query; content:"notescloud.org"; nocase; reference: url,https://www.cert.ssi.gouv.fr/cti/CERTFR-2021-CTI-008/; reference: url,https://www.cert.ssi.gouv.fr/ioc/CERTFR-2021-IOC-004/; metadata:created_at 2021_11_03, updated_at 2021_11_03; sid:3309908; rev:1; classtype:trojan-activity;)
alert dns any any -> any any (msg:"πΎ - β DNS Request π > π΄ββ οΈ Lockean Group - Cobalt Strike C2 Domain"; flow:to_server, stateless; dns_query; content:"onlineceoshelp.com"; nocase; reference: url,https://www.cert.ssi.gouv.fr/cti/CERTFR-2021-CTI-008/; reference: url,https://www.cert.ssi.gouv.fr/ioc/CERTFR-2021-IOC-004/; metadata:created_at 2021_11_03, updated_at 2021_11_03; sid:3309909; rev:1; classtype:trojan-activity;)
alert dns any any -> any any (msg:"πΎ - β DNS Request π > π΄ββ οΈ Lockean Group - Cobalt Strike C2 Domain"; flow:to_server, stateless; dns_query; content:"orientalclient.com"; nocase; reference: url,https://www.cert.ssi.gouv.fr/cti/CERTFR-2021-CTI-008/; reference: url,https://www.cert.ssi.gouv.fr/ioc/CERTFR-2021-IOC-004/; metadata:created_at 2021_11_03, updated_at 2021_11_03; sid:3309910; rev:1; classtype:trojan-activity;)
alert dns any any -> any any (msg:"πΎ - β DNS Request π > π΄ββ οΈ Lockean Group - Cobalt Strike C2 Domain"; flow:to_server, stateless; dns_query; content:"perfectappt.com"; nocase; reference: url,https://www.cert.ssi.gouv.fr/cti/CERTFR-2021-CTI-008/; reference: url,https://www.cert.ssi.gouv.fr/ioc/CERTFR-2021-IOC-004/; metadata:created_at 2021_11_03, updated_at 2021_11_03; sid:3309911; rev:1; classtype:trojan-activity;)
# Five rules for one second-level label, rackspare-technology, under five TLDs
# (.digital, .download, .network, .online, .space). Each content string includes the TLD,
# so every TLD needs its own rule; the same label under any other TLD is not covered by
# these signatures and would need a separate indicator.
alert dns any any -> any any (msg:"πΎ - β DNS Request π > π΄ββ οΈ Lockean Group - Cobalt Strike C2 Domain"; flow:to_server, stateless; dns_query; content:"rackspare-technology.digital"; nocase; reference: url,https://www.cert.ssi.gouv.fr/cti/CERTFR-2021-CTI-008/; reference: url,https://www.cert.ssi.gouv.fr/ioc/CERTFR-2021-IOC-004/; metadata:created_at 2021_11_03, updated_at 2021_11_03; sid:3309912; rev:1; classtype:trojan-activity;)
alert dns any any -> any any (msg:"πΎ - β DNS Request π > π΄ββ οΈ Lockean Group - Cobalt Strike C2 Domain"; flow:to_server, stateless; dns_query; content:"rackspare-technology.download"; nocase; reference: url,https://www.cert.ssi.gouv.fr/cti/CERTFR-2021-CTI-008/; reference: url,https://www.cert.ssi.gouv.fr/ioc/CERTFR-2021-IOC-004/; metadata:created_at 2021_11_03, updated_at 2021_11_03; sid:3309913; rev:1; classtype:trojan-activity;)
alert dns any any -> any any (msg:"πΎ - β DNS Request π > π΄ββ οΈ Lockean Group - Cobalt Strike C2 Domain"; flow:to_server, stateless; dns_query; content:"rackspare-technology.network"; nocase; reference: url,https://www.cert.ssi.gouv.fr/cti/CERTFR-2021-CTI-008/; reference: url,https://www.cert.ssi.gouv.fr/ioc/CERTFR-2021-IOC-004/; metadata:created_at 2021_11_03, updated_at 2021_11_03; sid:3309914; rev:1; classtype:trojan-activity;)
alert dns any any -> any any (msg:"πΎ - β DNS Request π > π΄ββ οΈ Lockean Group - Cobalt Strike C2 Domain"; flow:to_server, stateless; dns_query; content:"rackspare-technology.online"; nocase; reference: url,https://www.cert.ssi.gouv.fr/cti/CERTFR-2021-CTI-008/; reference: url,https://www.cert.ssi.gouv.fr/ioc/CERTFR-2021-IOC-004/; metadata:created_at 2021_11_03, updated_at 2021_11_03; sid:3309915; rev:1; classtype:trojan-activity;)
alert dns any any -> any any (msg:"πΎ - β DNS Request π > π΄ββ οΈ Lockean Group - Cobalt Strike C2 Domain"; flow:to_server, stateless; dns_query; content:"rackspare-technology.space"; nocase; reference: url,https://www.cert.ssi.gouv.fr/cti/CERTFR-2021-CTI-008/; reference: url,https://www.cert.ssi.gouv.fr/ioc/CERTFR-2021-IOC-004/; metadata:created_at 2021_11_03, updated_at 2021_11_03; sid:3309916; rev:1; classtype:trojan-activity;)
# Further Lockean Group C2 domain rules (sid 3309917-3309926), same shape as the rest of the file.
# Triage notes:
# - The action is alert: these signatures report a lookup, they do not block it.
# - created_at and updated_at are both 2021_11_03 and rev is 1, so treat the domains as
#   point-in-time indicators from the referenced CERT-FR publications. A hit today may concern
#   a domain that has since changed hands or been sinkholed - verify before escalating.
# - A hit shows that a host asked for the name, not that a connection followed; correlate with
#   the resolved address and later traffic from the same source.
# - NOTE(review): only DNS that the sensor sees and parses as dns is inspected; lookups sent
#   through encrypted resolvers (DoH/DoT) presumably never reach this buffer - confirm coverage.
alert dns any any -> any any (msg:"πΎ - β DNS Request π > π΄ββ οΈ Lockean Group - Cobalt Strike C2 Domain"; flow:to_server, stateless; dns_query; content:"risetomoon.com"; nocase; reference: url,https://www.cert.ssi.gouv.fr/cti/CERTFR-2021-CTI-008/; reference: url,https://www.cert.ssi.gouv.fr/ioc/CERTFR-2021-IOC-004/; metadata:created_at 2021_11_03, updated_at 2021_11_03; sid:3309917; rev:1; classtype:trojan-activity;)
alert dns any any -> any any (msg:"πΎ - β DNS Request π > π΄ββ οΈ Lockean Group - Cobalt Strike C2 Domain"; flow:to_server, stateless; dns_query; content:"ropesecuritybusiness.com"; nocase; reference: url,https://www.cert.ssi.gouv.fr/cti/CERTFR-2021-CTI-008/; reference: url,https://www.cert.ssi.gouv.fr/ioc/CERTFR-2021-IOC-004/; metadata:created_at 2021_11_03, updated_at 2021_11_03; sid:3309918; rev:1; classtype:trojan-activity;)
alert dns any any -> any any (msg:"πΎ - β DNS Request π > π΄ββ οΈ Lockean Group - Cobalt Strike C2 Domain"; flow:to_server, stateless; dns_query; content:"securesurvey.cloud"; nocase; reference: url,https://www.cert.ssi.gouv.fr/cti/CERTFR-2021-CTI-008/; reference: url,https://www.cert.ssi.gouv.fr/ioc/CERTFR-2021-IOC-004/; metadata:created_at 2021_11_03, updated_at 2021_11_03; sid:3309919; rev:1; classtype:trojan-activity;)
alert dns any any -> any any (msg:"πΎ - β DNS Request π > π΄ββ οΈ Lockean Group - Cobalt Strike C2 Domain"; flow:to_server, stateless; dns_query; content:"securitybusinessmean.com"; nocase; reference: url,https://www.cert.ssi.gouv.fr/cti/CERTFR-2021-CTI-008/; reference: url,https://www.cert.ssi.gouv.fr/ioc/CERTFR-2021-IOC-004/; metadata:created_at 2021_11_03, updated_at 2021_11_03; sid:3309920; rev:1; classtype:trojan-activity;)
alert dns any any -> any any (msg:"πΎ - β DNS Request π > π΄ββ οΈ Lockean Group - Cobalt Strike C2 Domain"; flow:to_server, stateless; dns_query; content:"securitypanels.org"; nocase; reference: url,https://www.cert.ssi.gouv.fr/cti/CERTFR-2021-CTI-008/; reference: url,https://www.cert.ssi.gouv.fr/ioc/CERTFR-2021-IOC-004/; metadata:created_at 2021_11_03, updated_at 2021_11_03; sid:3309921; rev:1; classtype:trojan-activity;)
alert dns any any -> any any (msg:"πΎ - β DNS Request π > π΄ββ οΈ Lockean Group - Cobalt Strike C2 Domain"; flow:to_server, stateless; dns_query; content:"setupfastonline.com"; nocase; reference: url,https://www.cert.ssi.gouv.fr/cti/CERTFR-2021-CTI-008/; reference: url,https://www.cert.ssi.gouv.fr/ioc/CERTFR-2021-IOC-004/; metadata:created_at 2021_11_03, updated_at 2021_11_03; sid:3309922; rev:1; classtype:trojan-activity;)
alert dns any any -> any any (msg:"πΎ - β DNS Request π > π΄ββ οΈ Lockean Group - Cobalt Strike C2 Domain"; flow:to_server, stateless; dns_query; content:"smalleststores.com"; nocase; reference: url,https://www.cert.ssi.gouv.fr/cti/CERTFR-2021-CTI-008/; reference: url,https://www.cert.ssi.gouv.fr/ioc/CERTFR-2021-IOC-004/; metadata:created_at 2021_11_03, updated_at 2021_11_03; sid:3309923; rev:1; classtype:trojan-activity;)
alert dns any any -> any any (msg:"πΎ - β DNS Request π > π΄ββ οΈ Lockean Group - Cobalt Strike C2 Domain"; flow:to_server, stateless; dns_query; content:"stackpatc-technologies.digital"; nocase; reference: url,https://www.cert.ssi.gouv.fr/cti/CERTFR-2021-CTI-008/; reference: url,https://www.cert.ssi.gouv.fr/ioc/CERTFR-2021-IOC-004/; metadata:created_at 2021_11_03, updated_at 2021_11_03; sid:3309924; rev:1; classtype:trojan-activity;)
alert dns any any -> any any (msg:"πΎ - β DNS Request π > π΄ββ οΈ Lockean Group - Cobalt Strike C2 Domain"; flow:to_server, stateless; dns_query; content:"stexwhosaleonline.com"; nocase; reference: url,https://www.cert.ssi.gouv.fr/cti/CERTFR-2021-CTI-008/; reference: url,https://www.cert.ssi.gouv.fr/ioc/CERTFR-2021-IOC-004/; metadata:created_at 2021_11_03, updated_at 2021_11_03; sid:3309925; rev:1; classtype:trojan-activity;)
alert dns any any -> any any (msg:"πΎ - β DNS Request π > π΄ββ οΈ Lockean Group - Cobalt Strike C2 Domain"; flow:to_server, stateless; dns_query; content:"ticksecuritybusiness.com"; nocase; reference: url,https://www.cert.ssi.gouv.fr/cti/CERTFR-2021-CTI-008/; reference: url,https://www.cert.ssi.gouv.fr/ioc/CERTFR-2021-IOC-004/; metadata:created_at 2021_11_03, updated_at 2021_11_03; sid:3309926; rev:1; classtype:trojan-activity;)