ET HUNTING Suspected DNS CnC via TXT queries

SID: 2033185Rev: 20 views
History
Sourceet/open
CreatedJune 24, 2021
UpdatedMarch 1, 2023
Classificationbad-unknown
alert dns $HOME_NET any -> $EXTERNAL_NET any (msg:"ET HUNTING Suspected DNS CnC via TXT queries"; content:"|01 00 00 01 00 00 00 00 00|"; depth:9; offset:2; content:"|00 00 10 00 01|"; threshold:type both, track by_src,count 500, seconds 300; classtype:bad-unknown; sid:2033185; rev:2; metadata:attack_target Client_Endpoint, created_at 2021_06_24, deployment Perimeter, deployment Internal, performance_impact Significant, confidence Medium, signature_severity Minor, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2023_03_01;)

Metadata

attack targetClient_Endpoint
created at2021_06_24
deploymentInternal
performance impactSignificant
confidenceMedium
signature severityMinor
tagDescription_Generated_By_Proofpoint_Nexus
updated at2023_03_01

Comments (0)

Please sign in to leave a comment.
Sign in

No comments yet. Be the first to comment!