ET MALWARE Large DNS Query possible covert channel

SID: 2013075
Rev: 10
Source: et/open
Created: June 21, 2011
Updated: March 28, 2024
Classification: bad-unknown
alert udp $HOME_NET any -> any 53 (msg:"ET MALWARE Large DNS Query possible covert channel"; content:"|01 00 00 01 00 00 00 00 00 00|"; fast_pattern; depth:10; offset:2; dsize:>300; content:!"youtube|03|com|00|"; content:!"sophosxl|03|net|00|"; content:!"|0a|hashserver|02|cs|0a|trendmicro|03|com|00|"; content:!"spamhaus|03|org|00|"; classtype:bad-unknown; sid:2013075; rev:10; metadata:created_at 2011_06_21, confidence Medium, signature_severity Major, updated_at 2024_03_28;)

Metadata

created at: 2011_06_21
confidence: Medium
signature severity: Major
updated at: 2024_03_28
