ET MALWARE Suspected DNS2TCP Auth

SID: 2026416Rev: 20 views
History
Sourceet/open
CreatedSeptember 26, 2018
UpdatedAugust 25, 2020
Classificationtrojan-activity
alert dns $HOME_NET any -> any any (msg:"ET MALWARE Suspected DNS2TCP Auth"; dns.query; content:".=auth."; fast_pattern; pcre:"/^[A-Za-z0-9\/\-\+]{40,}\.=auth\./"; classtype:trojan-activity; sid:2026416; rev:2; metadata:affected_product Windows_XP_Vista_7_8_10_Server_32_64_Bit, attack_target Client_Endpoint, created_at 2018_09_26, deployment Perimeter, malware_family DNS2TCP, performance_impact Moderate, confidence Medium, signature_severity Major, updated_at 2020_08_25;)

Metadata

affected productWindows_XP_Vista_7_8_10_Server_32_64_Bit
attack targetClient_Endpoint
created at2018_09_26
deploymentPerimeter
malware familyDNS2TCP
performance impactModerate
confidenceMedium
signature severityMajor
updated at2020_08_25

Comments (0)

Please sign in to leave a comment.
Sign in

No comments yet. Be the first to comment!