Versions (4)
Version DetailsCurrent
Rev: 5 • Jul 13, 2015, 12:00 PMET MALWARE Likely Linux/Xorddos DDoS Attack Participation (xxxatat456.com)
alert dns $HOME_NET any -> any any (msg:"ET MALWARE Likely Linux/Xorddos DDoS Attack Participation (xxxatat456.com)"; threshold:type both,track by_src,count 10,seconds 120; dns.query; content:"xxxatat456.com"; depth:14; fast_pattern; nocase; endswith; reference:md5,5a6bd6b5e00333b8d39ff6be13a346f6; classtype:trojan-activity; sid:2021410; rev:5; metadata:created_at 2015_07_13, confidence Medium, signature_severity Major, updated_at 2020_09_17;)
Jul 13, 2015, 12:00 PM
Sep 17, 2020, 12:00 PM
Sep 21, 2024, 3:00 AM
May 30, 2025, 12:04 AM
rules/emerging-malware.rules