Mozart sig

1. alert dns any any -> $HOME_NET any (msg:"MALWARE Mozart C2 traffic detected"; content:"|00 01 00 01 00 00 00 00|"; offset:4; depth:8; content:"gettasks|00|"; nocase; fast_pattern; metadata: former_category TROJAN; classtype:trojan-activity; sid:20166312; rev:1; metadata:created_at 2020_02_11;)