#alert tcp $HOME_NET 1023: -> $EXTERNAL_NET 53 (msg:"ET TROJAN Potential DNS Command and Control via TXT queries"; flow:established,to_server; content:"|01 00 00 01 00 00 00 00 00 00|"; depth:10; offset:4; content:"|00 00 10 00 01|"; threshold:type both, track by_src,count 10, seconds 300; reference:url,lists.emergingthreats.net/pipermail/emerging-sigs/2011-September/015625.html; classtype:trojan-activity; sid:2013515; rev:3; metadata:created_at 2011_09_01, updated_at 2011_09_01;)

Added 2017-08-07 21:06:50 UTC


#alert tcp $HOME_NET 1023: -> $EXTERNAL_NET 53 (msg:"ET TROJAN Potential DNS Command and Control via TXT queries"; flow:established,to_server; content:"|01 00 00 01 00 00 00 00 00 00|"; depth:10; offset:4; content:"|00 00 10 00 01|"; threshold:type both, track by_src,count 10, seconds 300; reference:url,lists.emergingthreats.net/pipermail/emerging-sigs/2011-September/015625.html; classtype:trojan-activity; sid:2013515; rev:3;)

Added 2013-11-27 16:18:06 UTC


alert tcp $HOME_NET 1023: -> $EXTERNAL_NET 53 (msg:"ET TROJAN Potential DNS Command and Control via TXT queries"; flow:established,to_server; content:"|01 00 00 01 00 00 00 00 00 00|"; depth:10; offset:4; content:"|00 00 10 00 01|"; threshold:type both, track by_src,count 10, seconds 300; reference:url,lists.emergingthreats.net/pipermail/emerging-sigs/2011-September/015625.html; classtype:trojan-activity; sid:2013515; rev:2;)

Added 2012-04-16 18:46:09 UTC


alert tcp $HOME_NET 1023: -> $EXTERNAL_NET 53 (msg:"ET TROJAN Potential DNS Command and Control via TXT queries"; flow:established,to_server; content:"|01 00 00 01 00 00 00 00 00 00|"; depth:10; offset:2; content:"|00 00 10 00 01|"; threshold:type both, track by_src,count 10, seconds 300; reference:url,lists.emergingthreats.net/pipermail/emerging-sigs/2011-September/015625.html; classtype:trojan-activity; sid:2013515; rev:1;)

Added 2011-10-12 19:37:04 UTC


Topic revision: r1 - 2017-08-08 - TWikiGuest
 
This site is powered by the TWiki collaboration platform Powered by Perl This site is powered by the TWiki collaboration platformCopyright © Emerging Threats