# sid 2014376, rev 3 (entry carrying created_at/updated_at metadata).
# Alerts on UDP traffic from $HOME_NET to port 53 that looks like a DNS query for a
# name with a 32-48 character all-lowercase label directly under .ru.
#   byte_test:1,!&,0xF8,2  - byte at payload offset 2 has none of the 0xF8 bits set;
#                            in a DNS header that byte holds QR and Opcode, so this
#                            selects standard queries rather than responses.
#   content:"|02|ru|00|"   - wire-format "ru" label plus root terminator;
#                            fast_pattern:only uses it purely as the prefilter.
#   pcre                   - one byte outside a-z, 0-9, '-' and '.', then 32-48
#                            lowercase letters, then \x02ru\x00\x00 (the last \x00
#                            is the first byte after the name).
# NOTE(review): a label's length byte precedes it on the wire; for lengths 45, 46 and
# 48 that byte is 0x2D '-', 0x2E '.' and 0x30 '0', all excluded by the negated class,
# so those lengths appear not to match when the label starts the name. Confirm and
# consider matching the length byte explicitly.
# NOTE(review): the pcre has no /i flag, so mixed-case query names are not matched;
# verify against resolvers that randomise case.
alert udp $HOME_NET any -> any 53 (msg:"ET TROJAN Possible Zeus .ru CnC? Domain Generation Algorithm (DGA) Lookup Detected"; byte_test:1,!&,0xF8,2; content:"|02|ru|00|"; fast_pattern:only; pcre:"/[^a-z0-9\-\.][a-z]{32,48}\x02ru\x00\x00/"; classtype:trojan-activity; sid:2014376; rev:3; metadata:created_at 2012_03_14, updated_at 2012_03_14;)

Added 2017-08-07 21:07:46 UTC


# sid 2014376, rev 3, without the metadata option.
# Matches UDP from $HOME_NET to port 53 where the byte at offset 2 has no 0xF8 bits
# set (DNS QR/Opcode bits clear, i.e. a standard query), the payload contains the
# wire-format ".ru" suffix |02|ru|00| (prefilter only, via fast_pattern:only), and
# the pcre finds 32-48 lowercase letters immediately before that suffix.
# The message is filed under the "ET TROJAN" category.
alert udp $HOME_NET any -> any 53 (msg:"ET TROJAN Possible Zeus .ru CnC? Domain Generation Algorithm (DGA) Lookup Detected"; byte_test:1,!&,0xF8,2; content:"|02|ru|00|"; fast_pattern:only; pcre:"/[^a-z0-9\-\.][a-z]{32,48}\x02ru\x00\x00/"; classtype:trojan-activity; sid:2014376; rev:3;)

Added 2014-09-15 18:30:49 UTC


# sid 2014376, rev 3, filed under "ET CURRENT_EVENTS" in the message text.
# Same header, byte_test and pcre as the other rev 3 entries on this page: standard
# DNS query (offset-2 byte has no 0xF8 bits set) for a 32-48 character lowercase
# label directly under .ru.
# Here the content uses plain fast_pattern (not fast_pattern:only), so |02|ru|00| is
# both the prefilter pattern and a normally evaluated content match.
# NOTE(review): this entry carries the same rev number as entries with a different
# msg and fast_pattern form; confirm which text a deployed ruleset actually holds.
alert udp $HOME_NET any -> any 53 (msg:"ET CURRENT_EVENTS Possible Zeus .ru CnC? Domain Generation Algorithm (DGA) Lookup Detected"; byte_test:1,!&,0xF8,2; content:"|02|ru|00|"; fast_pattern; pcre:"/[^a-z0-9\-\.][a-z]{32,48}\x02ru\x00\x00/"; classtype:trojan-activity; sid:2014376; rev:3;)

Added 2013-08-06 19:57:58 UTC


# sid 2014376, rev 1 (earliest entry on this page).
# Intended, per the msg, to flag DNS queries for long all-lowercase .ru names.
# NOTE(review): the fast-pattern content is |02|eu|00| while the pcre requires
# \x02ru\x00\x00, so the payload must contain both the "eu" and the "ru" byte
# sequences for the rule to alert. An ordinary single-question .ru lookup would not
# contain |02|eu|00|, so this revision looks unlikely to fire on the traffic it
# describes. The later entries on this page use |02|ru|00| instead.
alert udp $HOME_NET any -> any 53 (msg:"ET CURRENT_EVENTS Possible Zeus .ru CnC? Domain Generation Algorithm (DGA) Lookup Detected"; byte_test:1,!&,0xF8,2; content:"|02|eu|00|"; fast_pattern:only; pcre:"/[^a-z0-9\-\.][a-z]{32,48}\x02ru\x00\x00/"; classtype:trojan-activity; sid:2014376; rev:1;)

Added 2012-03-14 18:22:15 UTC

