""ET TROJAN Possible Zeus .ru CnC Domain Generation Algorithm (DGA) Lookup Detected""
SID: 2014376
Revision: 4
Class Type: trojan-activity
Metadata: created_at 2012_03_14, updated_at 2014_09_15
Reference:
Protocol: udp
Source Network: $HOME_NET
Source Port: any
Destination Network: any
Destination Port: 53
Flow:
Contents:
- Value: "|02|ru|00|"
Within:
PCRE: "/[^a-z0-9-.][a-z]{32,48}\x02ru\x00\x00/"
Special Options:
- fast_pattern