cuckoosandbox / community

Repository of modules and signatures contributed by the community

Add signature for DNS based CnC signs #397

Closed kevross33 closed 6 years ago

kevross33 commented 6 years ago

Adding initial signature for DNS based command and control detection. Working on other sigs like DGA.

kevross33 commented 6 years ago

TXT record lookup sig.

Sample MD5 2abad0ae32dd72bac5da0af1e580a2eb detailed here blog.talosintelligence.com/2017/03/dnsmessenger.html

jbremer commented 6 years ago

Merged, thanks! Checking hash later.