APP-DETECT -- Snort attempted to take unique patterns of traffic and match them to a known application pattern, to confirm whether traffic should be allowed or stopped. (For example, a Get request is usually an HTTP/web application exchange, perhaps Facebook Messenger or other instant messenger, etc.).
APP-DETECT iodine dns tunneling handshake server ACK
None provided
No public information
No known false positives
Tactic:
Technique:
For reference, see the MITRE ATT&CK vulnerability types here: https://attack.mitre.org