ET MALWARE Possible Tinba DGA NXDOMAIN Responses
Sourceet/open
CreatedSeptember 24, 2014
UpdatedJuly 26, 2019
Classificationtrojan-activity
alert udp any 53 -> $HOME_NET any (msg:"ET MALWARE Possible Tinba DGA NXDOMAIN Responses"; byte_test:1,&,128,2; byte_test:1,&,1,3; byte_test:1,&,2,3; content:"|00 01 00 00 00 01|"; offset:4; depth:6; content:"|03|com"; distance:15; within:4; fast_pattern; content:"|0c|"; distance:-17; within:1; pcre:"/^[a-z]{12}/R"; threshold:type both, track by_src, count 50, seconds 10; content:!"|08|sophosxl|03|"; reference:md5,1044af21a7c4cbc291ab418a47de52b4; reference:url,seculert.com/blog/2014/09/tiny-tinba-trojan-could-pose-big-threat.html; reference:url,garage4hackers.com/entry.php?b=3086; classtype:trojan-activity; sid:2019230; rev:2; metadata:created_at 2014_09_24, confidence Medium, signature_severity Major, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2019_07_26;)
References
| md5 | 1044af21a7c4cbc291ab418a47de52b4 |
| url | seculert.com/blog/2014/09/tiny-tinba-trojan-could-pose-big-threat.html |
| url | garage4hackers.com/entry.php?b=3086 |
Metadata
created at2014_09_24
confidenceMedium
signature severityMajor
tagDescription_Generated_By_Proofpoint_Nexus
updated at2019_07_26
Comments (0)
Please sign in to leave a comment.
Sign inNo comments yet. Be the first to comment!