"ET TROJAN Possible Zeus P2P Variant DGA NXDOMAIN Responses July 11 2014"
SID: 2018666
Revision: 4
Class Type: trojan-activity
Metadata: created_at 2014_07_11, updated_at 2014_07_11
Reference:
- md5: 5e5e46145409fb4a5c8a004217eef836
Protocol: udp
Source Network: any
Source Port: 53
Destination Network: $HOME_NET
Destination Port: any
Flow:
Contents:
- Value: "|00 01 00 00 00 01|" Depth: 6 Offset: 4
Within:
PCRE: "/^..\x0d-\x20(?=[a-z]{0,27}\d)[a-z0-9]{21,28}(?:\x03(?:biz|com|net|org))\x00\x00\x01\x00\x01/Rs"
Special Options: