Can we have rule for dnscat2 please

Question

Can we have rule for dnscat2 please

Jackson-Pollock opened this issue 3 years ago · 3 comments

Jackson-Pollock commented 3 years ago

Answer 1 · 2021-12-28T21:29:44.000Z

Can you provide PCAP? email to travis at travisgreen.net pls

Answer 2 · 2022-02-22T09:32:23.000Z

Sorry for the delay in response. Emailed pcap.

Answer 3 · 2024-03-19T20:55:20.000Z

Oops, added this some time ago and forgot to close this issue:
02/22/2022-02:18:38.749061 [**] [1:2610812:1] TGI HUNT dnscat in DNS Query [**] [Classification: Potentially Bad Traffic] [Priority: 2] {UDP} 192.168.30.10:49409 -> 192.168.30.20:53
Thank you @Jackson-Pollock