ET INFO Possible Zeus GameOver/FluBot Related DGA Pattern

SID: 2018316Rev: 511 views
History
Sourceet/open
CreatedMarch 25, 2014
UpdatedApril 10, 2025
Classificationmisc-activity
alert udp any 53 -> $HOME_NET any (msg:"ET INFO Possible Zeus GameOver/FluBot Related DGA Pattern"; byte_test:1,&,128,2; byte_test:1,&,1,3; byte_test:1,&,2,3; content:"|00 01 00 00 00 01|"; offset:4; depth:6; pcre:"/^..[\x0d-\x20][a-z]{13,32}(?:\x03(?:biz|com|net|org)|\x04info|\x02ru)\x00\x00\x01\x00\x01/Rs"; threshold:type both, track by_dst, count 12, seconds 120; reference:url,vrt-blog.snort.org/2014/03/decoding-domain-generation-algorithms.html; classtype:misc-activity; sid:2018316; rev:5; metadata:created_at 2014_03_25, deprecation_reason Relevance, former_category MALWARE, confidence Medium, signature_severity Major, updated_at 2025_04_10;)

References

urlvrt-blog.snort.org/2014/03/decoding-domain-generation-algorithms.html

Metadata

created at2014_03_25
deprecation reasonRelevance
former categoryMALWARE
confidenceMedium
signature severityMajor
updated at2025_04_10

Comments (0)

Please sign in to leave a comment.
Sign in

No comments yet. Be the first to comment!