Versions (4)
Version DetailsCurrent
Rev: 3 • Sep 2, 2011, 12:00 PMET MALWARE Potential DNS Command and Control via TXT queries
alert tcp $HOME_NET 1023: -> $EXTERNAL_NET 53 (msg:"ET MALWARE Potential DNS Command and Control via TXT queries"; flow:established,to_server; content:"|01 00 00 01 00 00 00 00 00 00|"; depth:10; offset:4; content:"|00 00 10 00 01|"; threshold:type both, track by_src,count 10, seconds 300; reference:url,lists.emergingthreats.net/pipermail/emerging-sigs/2011-September/015625.html; classtype:trojan-activity; sid:2013515; rev:3; metadata:created_at 2011_09_02, confidence Medium, signature_severity Major, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2019_07_26;)
Sep 2, 2011, 12:00 PM
Jul 26, 2019, 12:00 PM
Sep 21, 2024, 3:00 AM
Dec 9, 2025, 10:34 PM
rules/emerging-malware.rules