TGI HUNT Anomalous DNS >512 bytes over UDP

SID: 2610454Rev: 111 views
History
Sourcetgreen/hunting
CreatedMarch 19, 2025
UpdatedMarch 19, 2025
Classificationtrojan-activity
alert udp $HOME_NET any -> $EXTERNAL_NET any (msg:"TGI HUNT Anomalous DNS >512 bytes over UDP"; dsize:>512; prefilter; content:"|01 00 00 01 00 00 00 00 00 00|"; offset:2; depth:10; reference:url,tools.ietf.org/html/rfc5966; classtype:trojan-activity; sid:2610454; rev:1;)

References

urltools.ietf.org/html/rfc5966

Comments (0)

Please sign in to leave a comment.
Sign in

No comments yet. Be the first to comment!