alert dns $HOME_NET any -> any 53 (msg:"ET MALWARE DNS Request for Zaletelly CnC Domain"; dns.query; content:"zaletelly"; startswith; fast_pattern; content:"|2e|be"; endswith; pcre:"/^zaletelly(?:[0-9])+\x2ebe$/"; reference:url,www.sophos.com/en-us/threat-center/threat-analyses/viruses-and-spyware/Troj~MDrop-EAB/detailed-analysis.aspx; classtype:command-and-control; sid:2014513; rev:3; metadata:created_at 2012_04_05, confidence High, signature_severity Major, updated_at 2024_03_26;)