alert dns $HOME_NET any -> any any (msg:"ET MALWARE AlinaPOS Exfiltration via DNS"; dns.query; content:".akamai-technologies.com"; nocase; endswith; pcre:"/^[A-Z0-9_-]+\.akamai-technologies\.com$/i"; reference:url,blog.centurylink.com/alina-point-of-sale-malware-still-lurking-in-dns/; classtype:command-and-control; sid:2030443; rev:1; metadata:created_at 2020_07_02, deployment Perimeter, malware_family AlinaPOS, performance_impact Low, confidence High, signature_severity Major, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2020_07_02;)