Versions (3)
Version DetailsCurrent
Rev: 2 • Sep 19, 2019, 12:00 PMET MALWARE DNSG - Data Exfiltration via DNS
alert dns $HOME_NET any -> any any (msg:"ET MALWARE DNSG - Data Exfiltration via DNS"; content:"|00 00 13 00 01|"; endswith; fast_pattern; dns.query; content:".com"; endswith; pcre:"/^[A-Za-z0-9\-_\.]{20,80}\.[a-z]{2}\d{2}\.com$/"; threshold:type limit, count 1, seconds 60, track by_src; classtype:command-and-control; sid:2028631; rev:2; metadata:attack_target Client_and_Server, created_at 2019_09_19, deployment Perimeter, deployment Internal, performance_impact Low, confidence High, signature_severity Major, tag DNS_tunneling, updated_at 2020_04_15;)
Sep 19, 2019, 12:00 PM
Apr 15, 2020, 12:00 PM
Sep 21, 2024, 3:00 AM
May 30, 2025, 12:04 AM
rules/emerging-malware.rules