ET MALWARE Potential DNS Command and Control via TXT queries

SID: 2013515Rev: 30 viewsHistory

Sourceet/open

CreatedSeptember 2, 2011

UpdatedJuly 26, 2019

Classificationtrojan-activity

alert tcp $HOME_NET 1023: -> $EXTERNAL_NET 53 (msg:"ET MALWARE Potential DNS Command and Control via TXT queries"; flow:established,to_server; content:"|01 00 00 01 00 00 00 00 00 00|"; depth:10; offset:4; content:"|00 00 10 00 01|"; threshold:type both, track by_src,count 10, seconds 300; reference:url,lists.emergingthreats.net/pipermail/emerging-sigs/2011-September/015625.html; classtype:trojan-activity; sid:2013515; rev:3; metadata:created_at 2011_09_02, confidence Medium, signature_severity Major, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2019_07_26;)

References

url	lists.emergingthreats.net/pipermail/emerging-sigs/2011-September/015625.html

Metadata

created at2011_09_02

confidenceMedium

signature severityMajor

tagDescription_Generated_By_Proofpoint_Nexus

updated at2019_07_26

Comments (0)

Please sign in to leave a comment.

No comments yet. Be the first to comment!