Versions (5)
Version DetailsCurrent
Rev: 10 • Mar 13, 2012, 12:00 PMET MALWARE Lookup of Algorithm Generated Zeus CnC Domain (DGA)
alert dns $HOME_NET any -> any any (msg:"ET MALWARE Lookup of Algorithm Generated Zeus CnC Domain (DGA)"; byte_test:1,!&,0xF8,2; dns.query; content:".ru"; nocase; endswith; pcre:"/^(?:([a-z0-9])(?!\1)){33,}\.ru$/"; classtype:command-and-control; sid:2014363; rev:10; metadata:created_at 2012_03_13, deprecation_reason False_Positive, performance_impact Significant, confidence High, signature_severity Major, updated_at 2025_12_16;)Mar 13, 2012, 12:00 PM
Dec 16, 2025, 12:00 PM
Sep 21, 2024, 3:00 AM
Dec 16, 2025, 10:34 PM
rules/emerging-malware.rules