Rule History

alert dns $HOME_NET any -> any any (msg:"ET MALWARE Likely Linux/Xorddos.F DDoS Attack Participation (aa.hostasa.org)"; threshold:type limit,track by_src,count 3,seconds 60; dns.query; content:"aa.hostasa.org"; depth:14; fast_pattern; nocase; endswith; reference:md5,3c49b5160b981f06bd5242662f8d0a54; classtype:trojan-activity; sid:2021326; rev:6; metadata:created_at 2015_06_24, confidence Medium, signature_severity Major, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2020_09_17;)