ET MALWARE Possible Zeus P2P Variant DGA NXDOMAIN Responses July 11 2014

SID: 2018666Rev: 42 views
History
Sourceet/open
CreatedJuly 11, 2014
UpdatedJuly 26, 2019
Classificationtrojan-activity
alert udp any 53 -> $HOME_NET any (msg:"ET MALWARE Possible Zeus P2P Variant DGA NXDOMAIN Responses July 11 2014"; byte_test:1,&,128,2; byte_test:1,&,1,3; byte_test:1,&,2,3; content:"|00 01 00 00 00 01|"; offset:4; depth:6; pcre:"/^..[\x0d-\x20](?=\d{0,27}[a-z])(?=[a-z]{0,27}\d)[a-z0-9]{21,28}(?:\x03(?:biz|com|net|org))\x00\x00\x01\x00\x01/Rs"; threshold:type both, track by_dst, count 12, seconds 120; reference:url,blog.malcovery.com/blog/breaking-gameover-zeus-returns; reference:md5,5e5e46145409fb4a5c8a004217eef836; classtype:trojan-activity; sid:2018666; rev:4; metadata:created_at 2014_07_11, confidence Medium, signature_severity Major, updated_at 2019_07_26;)

References

urlblog.malcovery.com/blog/breaking-gameover-zeus-returns
md5
5e5e46145409fb4a5c8a004217eef836
Google SearchBrave Search

Metadata

created at2014_07_11
confidenceMedium
signature severityMajor
updated at2019_07_26

Comments (0)

Please sign in to leave a comment.
Sign in

No comments yet. Be the first to comment!