ET MALWARE DNSG - Data Exfiltration via DNS - Suricata Rule 2028631 (et/open)

ET MALWARE DNSG - Data Exfiltration via DNS

SID: 2028631Rev: 23 viewsHistory

Sourceet/open

CreatedSeptember 19, 2019

UpdatedApril 15, 2020

Classificationcommand-and-control

alert dns $HOME_NET any -> any any (msg:"ET MALWARE DNSG - Data Exfiltration via DNS"; content:"|00 00 13 00 01|"; endswith; fast_pattern; dns.query; content:".com"; endswith; pcre:"/^[A-Za-z0-9\-_\.]{20,80}\.[a-z]{2}\d{2}\.com$/"; threshold:type limit, count 1, seconds 60, track by_src; classtype:command-and-control; sid:2028631; rev:2; metadata:attack_target Client_and_Server, created_at 2019_09_19, deployment Perimeter, deployment Internal, performance_impact Low, confidence High, signature_severity Major, tag DNS_tunneling, updated_at 2020_04_15;)

Metadata

attack targetClient_and_Server

created at2019_09_19

deploymentInternal

performance impactLow

confidenceHigh

signature severityMajor

tagDNS_tunneling

updated at2020_04_15

Comments (0)

Please sign in to leave a comment.

No comments yet. Be the first to comment!