Versions (4)
Version DetailsCurrent
Rev: 1 • Oct 31, 2014, 12:00 PMET MALWARE Possible Tinba DGA NXDOMAIN Responses (2)
alert udp any 53 -> $HOME_NET any (msg:"ET MALWARE Possible Tinba DGA NXDOMAIN Responses (2)"; byte_test:1,&,128,2; byte_test:1,&,1,3; byte_test:1,&,2,3; content:"|00 01 00 00 00 01|"; offset:4; depth:6; content:"|02|ru|00|"; distance:15; within:4; fast_pattern; content:"|0c|"; distance:-17; within:1; pcre:"/^[a-z]{12}/R"; threshold:type both, track by_src, count 50, seconds 10; reference:md5,5808cc73c78263a8114eb205f510f6a7; reference:url,blog.malwarebytes.org/exploits-2/2014/10/exposing-the-flash-eitest-malware-campaign/; classtype:trojan-activity; sid:2019609; rev:1; metadata:created_at 2014_10_31, confidence Medium, signature_severity Major, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2019_07_26;)
Oct 31, 2014, 12:00 PM
Jul 26, 2019, 12:00 PM
Sep 21, 2024, 3:00 AM
Feb 11, 2026, 10:34 PM
rules/emerging-malware.rules