""ET TROJAN DNS Query to Magecart Domain (yanaloop .shop)""

SID: 2052464

Revision: 1

Class Type: trojan-activity

Metadata: attack_target Client_Endpoint, created_at 2024_05_07, deployment Perimeter, malware_family MageCart, signature_severity Major, updated_at 2024_05_07

Reference:

• Link

Protocol: udp

Source Network: $HOME_NET

Source Port: any

Destination Network: any

Destination Port: 53

Flow:

Contents:

• Value: "|01|" Depth: 1 Offset: 2

• Value: "|00 01 00 00 00 00 00|"

• Value: "|08|yanaloop|04|shop|00|"

Within: 7

PCRE:

Special Options:

• fast_pattern

• nocase

source