alert udp $HOME_NET any -> $EXTERNAL_NET 53 (msg:"ET TROJAN Lookup of Algorithm Generated Zeus CnC? Domain (DGA)"; byte_test:1,!&,0xF8,2; content:"|02|ru|00|"; pcre:"/[a-z0-9]{33,}\x02ru\x00\x00/"; classtype:trojan-activity; sid:2014363; rev:7; metadata:created_at 2012_03_12, updated_at 2012_03_12;)

Added 2017-08-07 21:07:45 UTC


alert udp $HOME_NET any -> $EXTERNAL_NET 53 (msg:"ET TROJAN Lookup of Algorithm Generated Zeus CnC? Domain (DGA)"; byte_test:1,!&,0xF8,2; content:"|02|ru|00|"; pcre:"/[a-z0-9]{33,}\x02ru\x00\x00/"; classtype:trojan-activity; sid:2014363; rev:7;)

Added 2014-09-15 18:30:49 UTC


alert udp $HOME_NET any -> $EXTERNAL_NET 53 (msg:"ET CURRENT_EVENTS Lookup of Algorithm Generated Zeus CnC? Domain (DGA)"; byte_test:1,!&,0xF8,2; content:"|02|ru|00|"; pcre:"/[a-z0-9]{33,}\x02ru\x00\x00/"; classtype:trojan-activity; sid:2014363; rev:6;)

Added 2014-01-02 20:21:29 UTC


alert udp $HOME_NET any -> $EXTERNAL_NET 53 (msg:"ET CURRENT_EVENTS Lookup of Algorithm Generated Zeus CnC? Domain (DGA) in .ru"; byte_test:1,!&,0xF8,2; content:"|02|ru|00|"; fast_pattern:only; pcre:"/[a-z0-9]{33,}\x02ru\x00\x00/"; classtype:trojan-activity; sid:2014363; rev:2;)

Added 2012-03-12 19:45:54 UTC


alert udp $HOME_NET any -> $EXTERNAL_NET 53 (msg:"ET CURRENT_EVENTS Lookup of Algorithm Generated Zeus CnC? Domain (DGA) in .ru"; byte_test:1,!&,0xF8,2; content:"|02|ru|00|"; fast_pattern:only; pcre:"/[a-z0-9]{33,}\x02ru\x00\x00/"; classtype:trojan-activity; sid:2014363; rev:2;)

Added 2012-03-12 19:45:19 UTC


Topic revision: r1 - 2017-08-08 - TWikiGuest
 
This site is powered by the TWiki collaboration platform Powered by Perl This site is powered by the TWiki collaboration platformCopyright © Emerging Threats