""ET TROJAN Lookup of Algorithm Generated Zeus CnC Domain (DGA)""
SID: 2014363
Revision: 9
Class Type: trojan-activity
Metadata: created_at 2012_03_13, performance_impact Significant, updated_at 2022_07_15
Reference:
Protocol: udp
Source Network: $HOME_NET
Source Port: any
Destination Network: any
Destination Port: 53
Flow:
Contents:
- Value: "|02|ru|00|"
Within:
PCRE: "/(?:([a-z0-9])(?!\1)){33,}\x02ru\x00\x00/"
Special Options: